Pop Pulse News

Boost Cybersecurity with Automated Threat Intelligence

By Jessica Weisman-Pitts

By Terrence Driscoll, Chief Information Security Officer at Cyware

The past year has seen numerous ransomware attacks on the financial services industry, with nearly two-thirds of organisations falling victim in one way or another. As a core pillar of modern critical infrastructure, it is no surprise that the sector is being heavily targeted, and as a result, institutions are under constant pressure to enhance their cyber defence strategies to prepare for any eventuality.

A big part of the challenge is that security teams face a never-ending barrage of cyber threats. To stay ahead of the risks, threat intelligence has become an important process, enabling security teams to understand the capabilities, goals and tactics employed by cybercriminals. When used effectively, this information helps organisations understand and anticipate potential attacks by gathering and analysing data from various sources.

The problem is that only 35% of security professionals say their organisation has a comprehensive understanding of the threat landscape, according to recent research. Even more concerning is that 79% make security decisions without any insight into the threats they face.

The impact of this knowledge gap can be extremely serious, leading to a range of problems, from a delayed response to security threats and increased vulnerability to poor risk mitigation and higher incident response costs. Even for those organisations that focus on threat intelligence, the sheer volume of alerts can overwhelm busy security teams, who need all the help they can get in deciphering which threats need their attention and which don't.

Proactive protection

This is where automated threat intelligence platforms (TIPs) increasingly come into play. Their role is to help security teams gather, organise and manage threat data to improve detection and response efforts.

Automated TIPs work by aggregating and analysing threat data from internal and external sources to give users actionable security insights. They automate the detection of potential threats, correlate indicators of compromise (IOCs) and integrate this information with other security tools, such as Security Information and Event Management (SIEM), Endpoint Detection and Response (EDR) and cloud security posture tools, to improve their effectiveness.

Users can enhance threat prevention, detection and mitigation efforts by applying real-time intelligence, significantly improving their security posture and freeing security professionals to focus on more complex tasks.

TIPs can also integrate structured data, such as IP addresses and malware signatures, alongside unstructured data, including threat reports and emails, providing teams with more detailed insights. This, in turn, helps organisations quickly identify threats and efficiently integrate this intelligence into existing security systems.
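The aggregation and correlation steps described above can be sketched in a few lines. This is an added example, not code from the article or from any vendor's product; the feed layout, source names, log format and all sample values (documentation IP ranges, made-up hashes) are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample data: one structured feed, one unstructured report, internal logs.
STRUCTURED_FEED = [
    {"type": "ipv4", "value": "203.0.113.7", "source": "external-feed"},
    {"type": "sha256", "value": "A" * 64, "source": "external-feed"},
]
REPORT_TEXT = """Analyst note: the loader beacons to 203[.]0[.]113[.]7 and
198.51.100[.]23. Dropped file hash: """ + "a" * 64 + "."
INTERNAL_LOGS = [
    "2024-05-01T10:00:00Z fw allow src=10.0.0.5 dst=203.0.113.7 dport=443",
    "2024-05-01T10:00:05Z fw allow src=10.0.0.9 dst=192.0.2.10 dport=443",
    "2024-05-01T10:01:00Z edr file_write host=ws12 sha256=" + "a" * 64,
]

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
SHA256 = re.compile(r"\b[a-fA-F0-9]{64}\b")

def refang(text):
    """Undo common defanging so indicators written in prose can be parsed."""
    return text.replace("[.]", ".").replace("hxxp", "http")

def extract(text, source):
    """Pull IPv4 addresses and SHA-256 hashes out of unstructured text."""
    text = refang(text)
    out = [{"type": "ipv4", "value": v, "source": source} for v in IPV4.findall(text)]
    out += [{"type": "sha256", "value": v, "source": source} for v in SHA256.findall(text)]
    return out

def aggregate(*batches):
    """Normalise and de-duplicate IOCs, recording which sources reported each."""
    merged = defaultdict(set)
    for batch in batches:
        for ioc in batch:
            merged[(ioc["type"], ioc["value"].lower())].add(ioc["source"])
    return merged

def correlate(iocs, log_lines):
    """Return (log line, indicator, corroborating source count) for each match."""
    hits = []
    for line in log_lines:
        tokens = set(IPV4.findall(line)) | {h.lower() for h in SHA256.findall(line)}
        for (_kind, value), sources in iocs.items():
            if value in tokens:
                hits.append((line, value, len(sources)))
    return hits

IOCS = aggregate(STRUCTURED_FEED, extract(REPORT_TEXT, "analyst-report"))
HITS = correlate(IOCS, INTERNAL_LOGS)
```

The source count attached to each hit gives a simple way to rank alerts: an indicator reported by both the feed and the analyst report is stronger evidence than one seen in a single source.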

This kind of approach also means threat intelligence can be more easily integrated into broader enterprise security infrastructure, removing existing inefficiencies and promoting a strategy that is more closely geared towards threat prevention and mitigation. Collective access to these insights enables security teams to proactively identify and respond to emerging threats, reduce the risk of attacks, and improve the overall effectiveness of the organisation's defence strategy.

Collaboration is key

Threat intelligence platforms and processes are also at their most effective when organisations are members of relevant Information Sharing and Analysis Centres (ISACs). These nonprofit organisations facilitate the sharing of cybersecurity threat intelligence to protect critical infrastructure and enhance collective security.

According to the National Council of ISACs, these organisations help critical infrastructure owners and operators protect their facilities, personnel and customers from cyber and physical security threats and other hazards. They offer a range of capabilities and services, with most ISACs providing "24/7 threat warning and incident reporting capabilities and may also set the threat level for their sectors. And many ISACs have a track record of responding to and sharing actionable and relevant information more quickly than government partners."

In the finance sector, for example, the role of FS-ISAC is to protect financial institutions and the individuals they serve. With around 5,000 member firms worldwide, it operates a real-time information-sharing network that amplifies the intelligence, knowledge, and practices of its members for the financial sector's collective security and defence.

Despite the success of this and other ISACs across a wide range of industry sectors, they remain underutilised. In fact, recent research revealed that 53% of organisations don't yet use these invaluable resources, while 28% weren't even aware of ISACs and their crucial role in managing cyber risk.

In contrast, organisations that integrate today's highly effective automation technologies with a collaborative approach put themselves in an ideal position to meet cybersecurity challenges head-on. Looking ahead, these capabilities will only continue to increase in importance as the risks facing the finance sector continue to grow in volume and sophistication.
