Closing the Gaps in Endpoint Security in Banking and Financial Services
The spike in remote work has created an avalanche of distributed endpoints. The result is an interwoven landscape of many types of endpoint devices, from laptops to smartphones to IoT devices. This trend, in turn, leads to opportunities for cybercriminals who focus their attacks on endpoint devices. A Ponemon Institute research study found nearly 66 percent of IT professionals have experienced an increase in the frequency of endpoint-focused attacks over the last 12 months.
The banking and financial services sector is a key target for cybercrime. According to a 2020 cybersecurity report, 65 percent of large financial services organizations had suffered a cyber attack in the preceding 12 months, and more than 45 percent of them noticed a rise in attacks since the start of the COVID-19 pandemic. These results concur with the finding from Boston Consulting Group that the financial sector experiences up to 300 times as many cyber attacks per year as other sectors, and remediation costs in the financial sector are higher than those in other industries.
The trouble, it seems, often stems from endpoints.
The State of Endpoint Security Report puts the endpoint's share of the problem in numbers: 70 percent of enterprise breaches originate at an endpoint. Similarly, the Ponemon Institute's "The Third Annual Study on the State of Endpoint Security" reports some sobering statistics:
- 68 percent of organizations have seen an increased frequency of cyber attacks focusing on endpoints over the previous twelve months.
- 73 percent of respondents point out that new or unknown threats have increased significantly.
- 51 percent concede that they are ineffective in threat detection because endpoint solutions are poor at detecting advanced cyber threats.
Attacks that begin at an endpoint, or pass through one somewhere in the attack chain, take many forms. That variety makes it increasingly difficult to know which detective controls are needed to stay one step ahead of threat actors.
The types of attacks we see coming against the financial services sector include:
- Phishing: Phishing remains a major initial-access vector, and increasingly the first click happens on a smartphone, since employees often read corporate email on a mobile device. A tapped link or opened attachment pulls malware onto the device and potentially into the wider enterprise network.
- Ransomware: Ransomware that lands on a single endpoint spreads across the connected network, encrypting important and sensitive documents and files.
- Vulnerability exploits (including zero-days): An unpatched vulnerability on an endpoint is a direct path into corporate cloud services and applications.
- Drive-by downloads: Compromised websites install malicious programs on endpoints without user consent.
- Watering holes: Highly targeted attacks that compromise legitimate websites the target organization's staff are known to visit, delivering malware from there, often using drive-by-download tactics.
Protecting the endpoint is crucial in the fight against cybercrime in the financial and banking sector. For robust endpoint security, I recommend building on three pillars: visibility, response and efficiency. Like the three legs of a stool, if any one of these is lacking, you're in for some trouble.
Knowing what endpoints you have wins only half of the battle, and even that half is complicated in a remote environment. A SANS Institute report found that 44 percent of IT teams manage between 5,000 and 500,000 endpoints, and most financial services organizations sit at the upper end of that range, approaching 100,000 or more endpoints.
Endpoint environments are often complex, with multiple operating systems. This lets 'invisible' devices fall through the security net, especially when an estate can contain upwards of half a million devices. Several industry reports reflect this:
- A poll of 1,000 IT professionals found that 33 percent of respondents did not know how many endpoints they managed.
- A survey by Gemalto (Thales) found that almost half of organizations (48 percent) could not detect whether a mobile device on their network had been breached.
Because cyber attacks so often begin at an endpoint, it is vital to know which endpoints are part of the expanded corporate network. Without that inventory, vulnerabilities and weaknesses go unnoticed and are exploited as an attack vector.
Endpoint security solutions are designed to make every enterprise endpoint visible, even across a geographically dispersed and fragmented estate. They do this with device-based agents running with root or SYSTEM privileges on each endpoint, and that level of visibility translates into actionable data. The SOC must be informed within minutes if an event is suspect, for example: "why is this third-party DLL being injected into a known-good process?" or "is there unusual disk activity that could indicate ransomware encrypting files?" Behavioural, AI-enabled endpoint agents extend detection to threats that have no known signature yet.
The time taken to detect and mitigate an endpoint attack is critical in the financial sector, and regulation is making it more so. The latest example is a rule proposed by the Federal Deposit Insurance Corporation (FDIC) and the Office of the Comptroller of the Currency (OCC) that would require a bank to notify its primary federal regulator within 36 hours of determining that a 'computer-security incident' serious enough to count as a notification incident has occurred.
Meeting that deadline requires an endpoint security solution with the right infrastructure and tooling, aligned with the NIST Cybersecurity Framework (CSF) and in particular its Detect, Respond and Recover functions.
Efficiency is the pillar that makes the first two usable. An endpoint security solution needs to be extensible, usable and flexible so that it informs Security Operations Center (SOC) personnel efficiently. Evaluators of endpoint security tools should ask the following questions of a solution:
- Is the solution based on an open API?
- Has the API been thoroughly documented?
- Is there an active user community that contributes to innovation?
Time is of the essence in triaging a threat: responses must be timely and effective. An endpoint security solution that supports an efficient SOC response delivers long-term cost optimization and satisfies compliance requirements.
A great solution to the endpoint security problem requires a seasoned and mature evaluation based on deep expertise in the area. WWT provides the knowledge needed to dive deeply into endpoint security solutions and deliver the best to the global financial sector. With nearly $800m in equipment and 20,000 VMs, WWT's Advanced Technology Center (ATC) ensures robust endpoint security for your organization by implementing the three pillars of endpoint protection.