Every year, the Financial Industry Regulatory Authority (FINRA) releases a letter examining the most pressing issues threatening the financial services industry. Unsurprisingly, cybersecurity remains at the forefront of FINRA’s concerns. Building on the cybersecurity framework of the National Institute of Standards and Technology (NIST), FINRA has issued a series of recommendations for how businesses can fortify their cybersecurity defenses, including an analysis of existing practices and a checklist of recommendations for small financial firms.
While these recommendations are a solid beginning to fortifying your firm against breaches, they are just that: a beginning. Financial firms face distributed denial of service (DDoS) attacks, malware infections, insider threats, ransomware, cyber-enabled fraudulent wire transfers, and attacks by nation states and terrorist groups. Motivations range from opportunism to ideology to financial gain, and the capabilities of malicious actors keep growing.
To remain a step ahead, these three security resources can take your business to the next level of security.
Breach Analytics and Monitoring
Intrusion detection has been part of cybersecurity for decades: the research dates to the 1980s, commercial products became widespread in the late 1990s, and it has been considered best practice in large financial services firms, the Department of Defense and other federal agencies ever since. The driving concept behind intrusion detection is to analyze network traffic, host activity and data access, searching for known-bad, anomalous or suspicious activity that may indicate an attempted or successful compromise of the organization.
Advances in intrusion detection have been substantial, leading to next-generation breach analytics and monitoring platforms. In short, these platforms combine heuristics, machine learning, statistical analysis and threat intelligence in a single product that continuously monitors for problems from several vantage points (network, host and data access), using the right technique for each, to identify, prevent and triage breaches.
The terms “breach” and “intrusion” are often used interchangeably; the distinction that matters here is that breach analytics and monitoring identifies attacks in near real time while also looking for breaches that happened in the past. Industry breach reports have put the average time from compromise to detection at more than 200 days. If your intrusion detection system did not recognize an attack as it happened, it has no way to go back and find that breach months later: a signature added today is only matched against activity from today onward. This is where breach analytics and monitoring shines. These systems act as a time machine, ingesting new threat intelligence and searching retained historical activity to identify attacks that already occurred. The caveat is that this only works for data you actually kept, so log retention has to cover the dwell time you expect to detect.
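As an added illustration (not code from the article or from any vendor's product), here is a minimal retrospective hunt: a freshly received indicator feed is matched against archived logs, and each hit is annotated with how far the activity predates the intelligence. The feed, the log lines and their key=value format are constructed for the example; the point is that the first two events could never have been caught by a real-time sensor, because the indicator did not exist when they happened.

```python
"""Retrospective indicator matching over archived logs.

Added example for this article, not code from the original page or from
any vendor's product. The indicator feed and the log lines are constructed.
"""
from dataclasses import dataclass
from datetime import date, datetime, timezone
import ipaddress
import re

# Constructed threat-intelligence feed received on 2016-09-01, keyed by type.
INTEL_PUBLISHED = date(2016, 9, 1)
INDICATORS = {
    "ip": {"198.51.100.23"},
    "domain": {"update-cdn.example"},
    "sha256": {"9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08"},
}

# Constructed archived proxy / DNS / EDR events in a flat key=value format.
# The wks-017 events predate the intelligence by months.
ARCHIVED_LOGS = """\
2016-01-14T03:12:09Z host=wks-017 dst=198.51.100.23 dport=443 bytes_out=1843211
2016-01-14T03:12:10Z host=wks-017 dns=Update-CDN.example. rcode=NOERROR
2016-02-02T11:40:51Z host=wks-044 dst=203.0.113.9 dport=80 bytes_out=2210
2016-03-19T22:05:33Z host=srv-db-02 file_sha256=9F86D081884C7D659A2FEAA0C55AD015A3BF4F1B2B0B822CD15D6C15B0F00A08 path=/tmp/.x
2016-08-30T09:01:00Z host=wks-101 dst=192.0.2.77 dport=22 bytes_out=900
this line is malformed and must be skipped rather than crash the hunt
"""

# Which log field carries which indicator type.
FIELD_TO_TYPE = {"dst": "ip", "dns": "domain", "file_sha256": "sha256"}

LINE_RE = re.compile(r"^(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\dZ)\s+(.*)$")
KV_RE = re.compile(r"(\w+)=(\S+)")


@dataclass(frozen=True)
class Hit:
    ts: datetime
    host: str
    ioc_type: str
    value: str
    days_before_intel: int  # how far the activity predates the indicator


def normalize(ioc_type, value):
    """Canonicalize so case, trailing dots or odd IP spellings cannot hide a match."""
    if ioc_type == "ip":
        try:
            return str(ipaddress.ip_address(value))
        except ValueError:
            return None
    if ioc_type == "domain":
        return value.lower().rstrip(".")
    if ioc_type == "sha256":
        return value.lower()
    return None


def parse_line(line):
    """Return (timestamp, fields) or None for lines that do not fit the format."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return ts, dict(KV_RE.findall(m.group(2)))


def hunt(logs, indicators, published):
    """Scan archived logs for indicators that were published after the fact."""
    wanted = {t: {normalize(t, v) for v in vals} - {None} for t, vals in indicators.items()}
    hits = []
    for raw in logs.splitlines():
        parsed = parse_line(raw)
        if parsed is None:
            continue
        ts, fields = parsed
        host = fields.get("host", "?")
        for field_name, ioc_type in FIELD_TO_TYPE.items():
            if field_name not in fields:
                continue
            value = normalize(ioc_type, fields[field_name])
            if value is not None and value in wanted.get(ioc_type, set()):
                hits.append(Hit(ts, host, ioc_type, value, (published - ts.date()).days))
    return sorted(hits, key=lambda h: h.ts)


def first_seen_by_host(hits):
    """Earliest matching event per host: the best estimate of initial compromise."""
    first = {}
    for h in hits:
        first.setdefault(h.host, h.ts)
    return first


if __name__ == "__main__":
    for h in hunt(ARCHIVED_LOGS, INDICATORS, INTEL_PUBLISHED):
        print(f"{h.ts:%Y-%m-%d} {h.host:<10} {h.ioc_type:<7} {h.value} "
              f"({h.days_before_intel} days before the indicator was published)")
```

The two things worth noticing are the normalization step (the archived DNS query is mixed case with a trailing dot and the hash is upper case, and both still match) and the `days_before_intel` figure, which is the gap a purely real-time sensor can never close. Extending this to a real archive means streaming the log store rather than a string, but the matching logic is the same.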
Security Incident Response Platform
An incident response plan (IRP) typically lays out the steps needed for detection, analysis, containment, eradication and recovery after a security breach has occurred. Executing it requires skills that are in short supply, and it is time critical: every hour of delay increases the risk and the losses to the organization. A new cybersecurity market has developed around Security Incident Response Platforms (SIRP), also referred to as security automation and orchestration.
These platforms let organizations define their incident response workflows as playbooks and automate many of the steps, increasing efficiency and effectiveness while extending the reach of experienced staff. Automated response behaves like a dedicated CSIRT operating at machine speed: it can kill running processes, remove malicious files, halt data exfiltration and notify all appropriate parties at the same time. The practical safeguard is to gate the disruptive actions, such as isolating a host, behind a severity threshold or an analyst approval, so that a false positive does not take a trading desk offline.
While larger firms may employ a dedicated 24×7 Computer Security Incident Response Team (CSIRT) to handle such response, smaller firms may outsource it to third-party vendors. Either way, many still rely on manual rather than automated response to cybersecurity breaches.
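The following is an added example, not code from the article or from any SIRP product: a small playbook runner that picks containment steps by alert severity, runs them idempotently against a simulated fleet, stops and escalates to a human on the first failure, and keeps an audit trail. The fleet, the alert and the step names are assumptions made for illustration; a real platform would carry out these actions through EDR and firewall APIs.

```python
"""Minimal incident-response playbook runner.

Added example for this article, not code from the original page or from any
SIRP/SOAR product. Fleet state, alert and action names are simulated.
"""
import copy
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Simulated endpoint state a real platform would reach through EDR/firewall APIs.
FLEET = {
    "wks-017": {
        "isolated": False,
        "processes": {4242: "svchost.exe", 4311: "xfer.exe"},
        "files": {"C:\\Users\\Public\\xfer.exe"},
    },
}

# Constructed alert as a detection system might raise it.
ALERT = {
    "id": "INC-1042",
    "host": "wks-017",
    "pid": 4311,
    "file": "C:\\Users\\Public\\xfer.exe",
    "dst_ip": "198.51.100.23",
    "severity": "high",  # low / medium / high / critical
}

# Steps per severity (an assumed policy). Host isolation is reserved for
# high/critical because it is disruptive: a false positive costs a user their machine.
STEPS = {
    "low": ["notify"],
    "medium": ["kill_process", "quarantine_file", "notify"],
    "high": ["block_egress", "kill_process", "quarantine_file", "isolate_host", "notify"],
    "critical": ["isolate_host", "block_egress", "kill_process", "quarantine_file", "notify"],
}


@dataclass
class Playbook:
    fleet: dict
    audit: list = field(default_factory=list)  # (time, incident, step, result)
    blocked_ips: set = field(default_factory=set)
    notified: list = field(default_factory=list)

    def _log(self, incident, step, result):
        self.audit.append((datetime.now(timezone.utc).isoformat(), incident, step, result))

    # Actions. Each is idempotent so a re-run after a partial failure is safe.
    def isolate_host(self, a):
        self.fleet[a["host"]]["isolated"] = True
        return "isolated"

    def kill_process(self, a):
        name = self.fleet[a["host"]]["processes"].pop(a["pid"], None)
        return f"killed {name}" if name else "already gone"

    def quarantine_file(self, a):
        self.fleet[a["host"]]["files"].discard(a["file"])
        return "quarantined"

    def block_egress(self, a):
        self.blocked_ips.add(a["dst_ip"])
        return f"blocked {a['dst_ip']}"

    def notify(self, a):
        self.notified.append((a["id"], "soc-oncall", "compliance"))
        return "notified soc-oncall, compliance"

    def run(self, alert, dry_run=False):
        """Run the steps for the alert's severity; stop and escalate on the first failure."""
        for step in STEPS[alert["severity"]]:
            if dry_run:
                self._log(alert["id"], step, "DRY-RUN")
                continue
            try:
                result = getattr(self, step)(alert)
            except Exception as exc:  # e.g. host unknown to the EDR
                self._log(alert["id"], step, f"FAILED: {exc!r}")
                self._log(alert["id"], "escalate", "handed to human analyst")
                return False
            self._log(alert["id"], step, result)
        return True


def run_alert(alert, dry_run=False):
    """Run one alert against a fresh copy of the simulated fleet."""
    pb = Playbook(copy.deepcopy(FLEET))
    return pb, pb.run(alert, dry_run)


if __name__ == "__main__":
    pb, ok = run_alert(ALERT)
    for when, incident, step, result in pb.audit:
        print(f"{when} {incident} {step:<16} {result}")
    print("completed" if ok else "escalated")
```

Three design choices carry over to real deployments: every action is idempotent so a playbook can be re-run after a partial failure, a failed step halts automation and hands the incident to a person rather than continuing blindly, and a dry-run mode lets the workflow be rehearsed against production alerts before it is allowed to touch hosts.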
Managed Security Service Provider
One of the largest hurdles for any organization building out a cyber program is skilled personnel. According to the Center for Strategic and International Studies, 209,000 cybersecurity positions went unfilled in the U.S. alone.
Engaging a Managed Security Service Provider (MSSP) is an effective way to ensure 24×7 coverage and gain access to highly skilled, experienced personnel. MSSPs provide continuous monitoring for malicious activity and incident response capabilities, and they can cost-effectively design, deploy and manage security solutions that give visibility into threats, security gaps, network activity and application usage. Many MSSPs also offer compliance services to meet industry-specific standards and demonstrate a defined level of due diligence. To reduce the complexity of an MSSP engagement, consider a multi-function security solution that is easier to manage while still meeting FINRA’s cybersecurity guidance. Whatever the arrangement, the contract should spell out who owns detection, who is authorized to take containment actions, and how quickly the provider must escalate, because regulatory accountability for the outsourced function stays with the firm.
Extra Steps for Extra Precaution
Given the sensitivity of client data, the volume and velocity of transactions, the dollars involved, and the possibility of insider trading and fraud, the impact of a security breach on a financial investment firm can range from fines to the firm being barred from conducting business. Oversight from the Securities and Exchange Commission (SEC) and FINRA ensures that financial investment firms exercise a reasonable duty of care, or due diligence, to protect sensitive information, their operations and the larger market.
While FINRA’s checklist and recommendations constitute basic due diligence, the impact of a security breach should be enough to prompt financial firms to take extra steps in securing their business against internal and external threats. By employing breach analytics and monitoring, a cohesive incident response plan bolstered by a SIRP, and a partnership with an MSSP, financial firms can go beyond FINRA’s suggested cybersecurity practices and build a robust security toolkit that protects their bottom line and fortifies them against attack and intrusion.