How bank CISOs can respond to a digital hostage scenario

An image of CISO Hostages, Fintech, How bank CISOs can respond to a digital hostage scenario

Drawing from VMware’s annual Modern Bank Heist report, Tom Kellermann, Head of Cybersecurity Strategy at VMware, shares his best practices to defend against modern bank heists.

Trust has always been the cornerstone of the banking industry. Without customer confidence that their assets are secure, banks cannot function. A reputation for having the strongest vaults with the thickest walls and unpickable locks is fundamental. But, as the means of protecting financial assets has moved from the physical to the digital realm, the role of custodian of customer trust has shifted inexorably onto the shoulders of CISOs. Now, cybersecurity is not just essential to preventing criminals from theft, it has become a brand protection imperative.

VMware’s annual Modern Bank Heist report has identified critical escalations in the sophistication and coordination of attacks against the financial services sector. Cybercriminals and nation-state actors are capitalising on the dual disruptions of the global pandemic and banks’ ongoing digital transformation programmes to broaden and deepen their attack techniques. They are no longer focused simply on direct monetary gain through wire transfer fraud but on hijacking, the digital transformation of a financial institution through island hopping and holding them hostage to the threat of destructive attacks.

Island hopping escalates as attackers hijack banks

38 percent of the financial institutions surveyed in the study said they had encountered island hopping, representing a 13 percent increase over 2020 (respondents were asked to exclude the SolarWinds campaign from their response).

Island hopping has become the attack vector of choice because, as banks have digitised and their supplier ecosystem has grown, the attack surface has expanded correspondingly; there is quite simply more opportunity now than ever before. And to capitalise on it, cybercrime cartels have taken the guesswork out of the game by studying the interdependencies of financial institutions. They have identified entities such as the Managed Service Providers and outside Counsels used by their target companies. These businesses have become the prime target for infiltration as a stepping stone into the target network. What might previously have constituted a “lucky hit” for a cybercriminal campaign is now a well-researched route to a valuable payoff.

Another commonly reported form of island hopping is watering hole attacks. Here, adversaries hijack websites or mobile apps used by customers for digital banking. This has a direct brand impact where customer’s trust in the visual assets they associate with the bank is hijacked to steal credentials or money. The reputational damage caused by these attacks is immense.

CISOs’ respond to increased attacks

Faced with these escalating and stealth-focused tactics, what should CISOs be doing in response? The financial institutions we surveyed are committing budget to the battle, with eight in ten planning to ramp up spending by between 10-20%.

In terms of where spending will be focused, investment priorities include: Extended detection and response (XDR); threat intelligence; workload security and container security. These priorities paint a picture both of how attacks have evolved and the new cloud-based infrastructure that has become the target.

Particularly encouraging is the frequency and impact of threat hunting. 48% of surveyed institutions conduct weekly threat hunts and, as programmes become more mature and hunters gain more understanding of their environment, they are driving change at a process and technology level. We are seeing more use of data science, machine learning and artificial intelligence to determine what normal looks like and spot anomalies. This is driving a true partnership between human-led hunting and automation.

Best practices to defend against modern bank heists

Adversaries are focusing on gaining undetected access to networks and this means that incident response must be conducted under the assumption that the network has been compromised. The following best practices are advised for defence teams:

  1. Deploy honey tokens or deception grids, especially on attack paths that cannot be hardened.
  2. Apply just-in-time administration.
  3. Integrate your network detection and response with your endpoint detection platform.
  4. Deploy workload security.
  5. Conduct weekly threat hunting.
  6. Stand up a secondary line of secure communications to discuss ongoing incidents without risk of interception and compromise. This channel should allow for talk, text and file transfer.
  7. When responding to an incident- Assume the adversary has multiple means of gaining access to the environment and avoid alerting them that you know they’re there. Watch and wait before taking action – don’t start blocking malware or terminating C2 systems until you are sure you understand all possible avenues of re-entry.
  8. Deploy agents in monitor-only mode. If you begin blocking or impeding their activities, they will change tactics, potentially leaving you blind to their additional means of re-entry. Rename agents to something innocuous.

On top of these tactical activities, we need to see a strategic shift. Three quarters of CISOs at financial institutions still report to CIOs, yet the landscape has changed dramatically over the past year. The switch to work from anywhere has put cybersecurity and CISOs at the centre of business continuity and resilience. CISOs should be promoted to a true C-level to ensure they have the strategic influence they need to discharge their role effectively. As custodians of a financial institution’s greatest asset – customer trust – their position should be elevated accordingly.

READ MORE:

Financial institutions are unquestionably facing new and more pernicious threats but, by leveraging advanced tools and intelligence, they can successfully hunt out and suppress cyber cartels preying on the extended ecosystem. Trust and confidence will depend on vigilant digital transformation.

For more news from Top Business Tech, don’t forget to subscribe to our daily bulletin!

Follow us on LinkedIn and Twitter

An image of CISO Hostages, Fintech, How bank CISOs can respond to a digital hostage scenario

Luke Conrad

Technology & Marketing Enthusiast

Nutanix on OVHcloud US Offers a Hybrid Multicloud Solution

Joon Lee • 11th September 2023

Nutanix is a leading cloud computing software company that helps companies simplify their cloud strategies by using hyperconverged infrastructure (HCI) environments. Hyperconvergence is a software-centric architecture that tightly integrates compute, storage, networking, and virtualization resources and other technologies on commodity hardware servers supported by a single vendor.

OVHcloud Is at the Forefront of the Data Revolution

Karen Kokiko • 11th September 2023

Information technology is going through a digital transformation and reshaping how we do business, how we interact, how we make decisions, and how we influence our society. OVHcloud® is at the forefront of this data revolution, standing apart from the competition with a strong commitment to creating a level playing field and the opportunity for...

Right Sizing & Workload Optimization in the Cloud

Joon Lee • 11th September 2023

Organizations facing the challenges of scaling their cloud infrastructure can achieve improved performance by implementing the principles of right sizing their infrastructure. This practice is essential for optimizing cloud infrastructure and enhancing its overall effectiveness. In this guide, we will discuss the benefits of right sizing, including optimizing costs, eliminating waste and improving performance. We’ll...

OVHcloud Is at the Forefront of the Data Revolution

Karen Kokiko • 11th September 2023

Information technology is going through a digital transformation and reshaping how we do business, how we interact, how we make decisions, and how we influence our society. OVHcloud® is at the forefront of this data revolution, standing apart from the competition with a strong commitment to creating a level playing field and the opportunity for...

Can Europe take on the US Cloud giants?

Richard Hilton • 30th August 2023

With so many issues coming up about cloud storage, what is the solution to the dominance of the major giants like AWS (32%), Microsoft (23%) and Google (10%) taking 65% of the world cloud market?

The race to dominate the AI space

Kevin Cole • 24th August 2023

The launch of Chat GPT-4 in March of this year provided the catalyst for a conversation that has been gaining momentum for some time now: How will artificial intelligence (AI) change the world?