How bank CISOs can respond to a digital hostage scenario

Drawing from VMware’s annual Modern Bank Heist report, Tom Kellermann, Head of Cybersecurity Strategy at VMware, shares his best practices to defend against modern bank heists.

Trust has always been the cornerstone of the banking industry. Without customer confidence that their assets are secure, banks cannot function. A reputation for having the strongest vaults with the thickest walls and unpickable locks is fundamental. But, as the means of protecting financial assets has moved from the physical to the digital realm, the role of custodian of customer trust has shifted inexorably onto the shoulders of CISOs. Now, cybersecurity is not just essential to preventing criminals from theft, it has become a brand protection imperative.

VMware’s annual Modern Bank Heist report has identified critical escalations in the sophistication and coordination of attacks against the financial services sector. Cybercriminals and nation-state actors are capitalising on the dual disruptions of the global pandemic and banks’ ongoing digital transformation programmes to broaden and deepen their attack techniques. They are no longer focused simply on direct monetary gain through wire transfer fraud but on hijacking, the digital transformation of a financial institution through island hopping and holding them hostage to the threat of destructive attacks.

Island hopping escalates as attackers hijack banks

38 percent of the financial institutions surveyed in the study said they had encountered island hopping, representing a 13 percent increase over 2020 (respondents were asked to exclude the SolarWinds campaign from their response).

Island hopping has become the attack vector of choice because, as banks have digitised and their supplier ecosystem has grown, the attack surface has expanded correspondingly; there is quite simply more opportunity now than ever before. And to capitalise on it, cybercrime cartels have taken the guesswork out of the game by studying the interdependencies of financial institutions. They have identified entities such as the Managed Service Providers and outside Counsels used by their target companies. These businesses have become the prime target for infiltration as a stepping stone into the target network. What might previously have constituted a “lucky hit” for a cybercriminal campaign is now a well-researched route to a valuable payoff.

Another commonly reported form of island hopping is watering hole attacks. Here, adversaries hijack websites or mobile apps used by customers for digital banking. This has a direct brand impact where customer’s trust in the visual assets they associate with the bank is hijacked to steal credentials or money. The reputational damage caused by these attacks is immense.

CISOs’ respond to increased attacks

Faced with these escalating and stealth-focused tactics, what should CISOs be doing in response? The financial institutions we surveyed are committing budget to the battle, with eight in ten planning to ramp up spending by between 10-20%.

In terms of where spending will be focused, investment priorities include: Extended detection and response (XDR); threat intelligence; workload security and container security. These priorities paint a picture both of how attacks have evolved and the new cloud-based infrastructure that has become the target.

Particularly encouraging is the frequency and impact of threat hunting. 48% of surveyed institutions conduct weekly threat hunts and, as programmes become more mature and hunters gain more understanding of their environment, they are driving change at a process and technology level. We are seeing more use of data science, machine learning and artificial intelligence to determine what normal looks like and spot anomalies. This is driving a true partnership between human-led hunting and automation.

Best practices to defend against modern bank heists

Adversaries are focusing on gaining undetected access to networks and this means that incident response must be conducted under the assumption that the network has been compromised. The following best practices are advised for defence teams:

  1. Deploy honey tokens or deception grids, especially on attack paths that cannot be hardened.
  2. Apply just-in-time administration.
  3. Integrate your network detection and response with your endpoint detection platform.
  4. Deploy workload security.
  5. Conduct weekly threat hunting.
  6. Stand up a secondary line of secure communications to discuss ongoing incidents without risk of interception and compromise. This channel should allow for talk, text and file transfer.
  7. When responding to an incident- Assume the adversary has multiple means of gaining access to the environment and avoid alerting them that you know they’re there. Watch and wait before taking action – don’t start blocking malware or terminating C2 systems until you are sure you understand all possible avenues of re-entry.
  8. Deploy agents in monitor-only mode. If you begin blocking or impeding their activities, they will change tactics, potentially leaving you blind to their additional means of re-entry. Rename agents to something innocuous.

On top of these tactical activities, we need to see a strategic shift. Three quarters of CISOs at financial institutions still report to CIOs, yet the landscape has changed dramatically over the past year. The switch to work from anywhere has put cybersecurity and CISOs at the centre of business continuity and resilience. CISOs should be promoted to a true C-level to ensure they have the strategic influence they need to discharge their role effectively. As custodians of a financial institution’s greatest asset – customer trust – their position should be elevated accordingly.

READ MORE:

Financial institutions are unquestionably facing new and more pernicious threats but, by leveraging advanced tools and intelligence, they can successfully hunt out and suppress cyber cartels preying on the extended ecosystem. Trust and confidence will depend on vigilant digital transformation.

For more news from Top Business Tech, don’t forget to subscribe to our daily bulletin!

Follow us on LinkedIn and Twitter

Luke Conrad

Technology & Marketing Enthusiast

Birmingham Unveils the UK’s Best Emerging HealthTech Advances

Kosta Mavroulakis • 03rd April 2025

The National HealthTech Series hosted its latest event in Birmingham this month, showcasing innovative startups driving advanced health technology, including AI-assisted diagnostics, wearable devices and revolutionary educational tools for healthcare professionals. Health stakeholders drawn from the NHS, universities, industry and front-line patient care met with new and emerging businesses to define the future trajectory of...

Why DEIB is Imperative to Tech’s Future

Hadas Almog from AppsFlyer • 17th March 2025

We’ve been seeing Diversity, Equity, Inclusion, and Belonging (DEIB) initiatives being cut time and time again throughout the tech industry. DEIB dedicated roles have been eliminated, employee resource groups have lost funding, and initiatives once considered crucial have been deprioritised in favour of “more immediate business needs.” The justification for these cuts is often the...

The need to eradicate platform dependence

Sue Azari • 10th March 2025

The advertising industry is undergoing a seismic shift. Connected TV (CTV), Retail Media Networks (RMNs), and omnichannel strategies are rapidly redefining how brands engage with consumers. As digital privacy regulations evolve and platform dynamics shift, advertisers must recognise a fundamental truth. You cannot build a sustainable business on borrowed ground. The recent uncertainty surrounding TikTok...

The need to clean data for effective insight

David Sheldrake • 05th March 2025

There is more data today than ever before. In fact, the total amount of data created, captured, copied, and consumed globally has now reached an incredible 149 zettabytes. The growth of the big mountain is not expected to slow down, either, with it expected to reach almost 400 zettabytes within the next three years. Whilst...

What can be done to democratize VDI?

Dennis Damen • 05th March 2025

Virtual Desktop Infrastructure (VDI) offers businesses enhanced security, scalability, and compliance, yet it remains a niche technology. One of the biggest barriers to widespread adoption is a severe talent gap. Many IT professionals lack hands-on VDI experience, as their careers begin with physical machines and increasingly shift toward cloud-based services. This shortage has created a...

Tech and Business Outlook: US Confident, European Sentiment Mixed

Viva Technology • 11th February 2025

The VivaTech Confidence Barometer, now in its second edition, reveals strong confidence among tech executives regarding the impact of emerging technologies on business competitiveness, particularly AI, which is expected to have the most significant impact in the near future. Surveying tech leaders from Europe and North America, 81% recognize their companies as competitive internationally, with...