Safeguarding financial institutions from nation-state attacks
The International Monetary Fund has warned that financial institutions around the world must be prepared for heightened cyber threats. Given the nature of financial services, the sector is considered a lucrative target – with identity theft and compromised credentials emerging as a key vulnerability. Scott Jarkoff from CrowdStrike shares five steps for building a robust defence.
The financial services industry is a frequent target of nation-state threat actors who are defined by their political motivations. To understand the reasons behind this, we must consider the key objectives of nation-state actors.
For instance, CrowdStrike’s threat intelligence team has identified patterns where Chinese threat actors align their actions with China's national five-year plan. The CCP-backed threat actors’ goals include intellectual property theft and foreign intelligence collection to exert power and influence over other countries.
Similarly, nation-state actors from North Korea align their attacks with the goals of the National Economic Development Plan, specifically monetary gain, through targeted attacks on cryptocurrency exchanges and fintech companies with a ready supply of cash.
In the worst-case scenario, nation-state cyber actors may also target critical infrastructure such as transport systems, airports and major banks, transcending the cyber realm and potentially bringing cities to a standstill through access to connected industrial devices.
For leaders of financial services institutions, the threat of an attack is real. So how can leaders mitigate the cyber risk? There are five key steps that must be taken:
1) Deploy comprehensive cloud-native technology to provide critical visibility
Financial services organisations need to leverage cloud-native security solutions that provide comprehensive visibility and protection across diverse environments, including on-premises and cloud infrastructure.
Additionally, comprehensive cloud-native technology will equip an organisation with modern applications designed to reduce time-consuming operational tasks, empower systems with agility and speed, and eliminate blind spots to provide greater visibility in the network. This creates a holistic view of the network and removes the need for organisations to rely on disconnected and siloed sources, keeping everything streamlined for teams.
2) Augment technology with human-led threat hunting
Introducing threat hunting capabilities compounds the benefits of visibility as this provides intel to recognise the typical behaviours and patterns of cybercriminals – allowing organisations to detect potential threats and intervene before a cyber-attack can occur. Having the knowledge of common adversary behavioural patterns allows cyber leaders to identify a known adversary much quicker too, leading to faster detection and response.
Employing both human-led threat hunting and advanced technology can provide businesses with peace of mind and round-the-clock protection. It’s important to note that while AI is extremely advanced, there are some gaps where 24/7 human-led oversight and contextual understanding are required to maximise protection.
3) Secure the identity
Organisations are under pressure to ensure their corporate infrastructure and assets, including data, are secure. As adversaries are increasingly leveraging stolen credentials from employees, modern identity protection and management tools must be embedded across the organisation to mitigate this threat.
Organisations can use cybersecurity measures such as multi-factor authentication, identity and privileged access management, and user behaviour analytics to detect and prevent unauthorised access attempts. This will also give senior users who need access to a wide variety of digital resources the authorisation to access critical documents, without needing separate authentication systems and identity stores to carry out their jobs.
4) Focus defensive efforts on adversary behaviours
Businesses can increase the effectiveness of their cybersecurity efforts by adopting an adversary-focused approach. Once a particular adversary is detected, smart systems are then able to react in a strategic manner that expels the adversary whilst also alerting and shielding the overall business.
By monitoring and correlating diverse data sources from around the world – such as network traffic, endpoint telemetry, and threat intelligence – organisations can identify patterns and anomalies associated with malicious activities before they’ve even reached their country. This proactive approach allows for enhanced detection of, and response to, emerging threats before they can cause significant damage to the organisation, customers, and wider supply chains.
5) Know the adversary
According to research from CrowdStrike, there has been a staggering 130% increase in nation-state intrusions against Asia Pacific and Japan-based financial services entities in 2022. Like the adage “know your enemy”, organisations must understand the different types of threat actors, ransomware groups and cyber adversaries they may be up against.
This intelligence allows leaders to better understand the motivating factors behind a cyber-attack such as monetary gain, political disruption, espionage, or identity theft. For instance, last month, the pro-Russian Killnet hacker group targeted the inter-network infrastructure of the European Investment Bank to destabilise the European financial system, including Western countries who have continued to provide financial assistance to Ukraine.
About the author: Scott Jarkoff is Director of Intelligence Strategy for the Asia Pacific, Middle East, Turkey, and Africa region at CrowdStrike.