The physical distance imposed by Covid-19 on corporate teams within the financial sector has opened up the opportunity for cybercriminals to attack. Inarguably, many financial institutions are currently facing their most vulnerable phase to date.
As previously reported by The Fintech Times, 16.4 million Covid-19-related cyber threats were detected online in 2020. As large proportions of workforces continue to work from home, corporate incident response teams are bending over backwards to protect their assets.
To provide a better understanding of current cybersecurity threats, and to suggest how IR teams can better prepare for them, Rawad Sarieddine, the Vice President META for CrowdStrike, discusses these aspects at length in this guest post for The Fintech Times.
Powered by artificial intelligence and founded in 2011, CrowdStrike is a cloud-delivered endpoint protection platform that actively works to prevent security breaches.
Covid-19 has forced the financial services sector to move to a distributed workforce model and in turn, this has heightened the role of incident response (IR) teams to take a more proactive approach in supporting the new remote workforce wherever they are located.
This comes as CrowdStrike has observed a significant increase in criminal activity in recent months, with nefarious players leveraging community interest in government benefits packages and Covid-19 information to launch phishing campaigns. In addition, global banks have been increasingly targeted by denial-of-service ransom attacks, and e-crime activity is up over 330% since the start of the year compared with the same period in 2019.
Financial institutions have an obligation to protect company and customer information, one made harder by the era of open and digitalised banking, which increases attack surfaces. These fiduciary obligations have been coupled with an increase in remote working due to Covid-19: many financial institutions had to scramble to increase their remote working capacity in early 2020. Incident response must therefore be top of mind for businesses, as rectifying an incident effectively will help mitigate losses, reduce future risks and increase business resilience.
There are several ways in which IR teams can ensure business continuity and client satisfaction during ambiguous times. These include:
- Education exercises for C-level management
Incident response teams play a growing role in familiarising C-level management with cyber hygiene and in deploying emergency action plans that enable security teams to invoke procedures, which include revoking targeted accounts and emergency firewall change requests.
Working with IR teams to rehearse drill scenarios such as reporting anomalous behaviour, vulnerability scanning, and emergency patching should be prioritised to ensure everyone is clear on their role and fully prepared when confronted with a breach. As a general rule for any skill, you are only as good as your past practice.
Demand is higher than ever for business leaders to have IT knowledge in their repertoire, and IR teams empower this. Even the most intelligent and business-astute leaders will likely handle a stressful, unfamiliar situation inadequately.
- ‘Breach counselling’: Beyond the technical side
Individuals are often unprepared for what is often a catastrophic event in their lives when a breach unravels, spiralling into all sorts of conspiracy theories and denying the seriousness of the issue. The five stages of grief (denial, anger, bargaining, depression, and acceptance) are also encountered in customers dealing with a data breach. They are often non-linear, amplified by remote working and not having an IT team on site.
The evolving role of IR professionals integrates emotional awareness and guidance, as business leaders often make ill-informed decisions during the breach grief cycle, such as withdrawing and trying to handle the issue on their own. Typically, in two out of three cases, the victim is not aware of the breach until informed by a third party, which heightens their distress.
Experienced IR teams facilitate rational thinking for the client and play an empathic role, reinforcing teamwork during the investigation. Their ability to look over your shoulder and provide cyclical, clear communication should be used to grasp problem-solving methods, make the right decisions and validate confidence in a solution.
- Security infrastructure and change management
IR teams ensure you have a secure infrastructure system in place that is effective remotely. Their expertise should be invested in long-term planning and solutions, as hastily patching up a problem when already compromised is futile.
Many executives fall into the trap of approving infrastructure without proper testing, which can introduce harmful vulnerabilities into a network. Alongside IR teams, businesses need to prioritise updating policies to factor in personal devices, data privacy considerations, and the adoption of new technology. Traditional forensics and legacy systems are no longer enough to combat the sophisticated techniques of today's adversaries. Deploying next-generation security solutions allows greater visibility of endpoints, providing surveillance-like capability to proactively scan for threats. Without an office IT team within easy reach, changes to policy need to be clearly communicated to limit human error.
The number of attacks occurring is rising exponentially and it is impossible to predict when and where they will happen. During these uncertain times, working with IR teams to combat the cyber challenges of a distributed workforce and industry digitisation is vital for the sustainability and resilience of the financial services sector.