Three strategies for winning the cybersecurity arms race

As cybersecurity attacks against financial institutions continue to escalate, banks and other financial organizations must take proactive measures to protect themselves and their data. Here are three strategies they can use to guard against potential intrusions.

A 2020 report by the Federal Reserve Bank of New York (FRBNY) modeling the potential impact of a cyber attack on a single U.S. bank predicted troubling outcomes that still loom large in today’s rapidly evolving threat landscape. The model estimated that a one-day attack on a top 5 U.S. bank would impact 38% of U.S. financial institutions. Worse, an attack perpetrated against a large bank and a group of medium and smaller banks would impair an average of 60% of banks by assets.

Since the report was issued, the financial services sector has become one of the top 5 industries for cyber attacks – and banks and hackers have both become more adept at using technology to achieve their objectives. Today, 98% of financial institutions are using some form of cloud computing, up seven percentage points from 2020, and banks are heavily investing in artificial intelligence (AI). Meanwhile, hackers have succeeded in creating AI-built phishing schemes and effectively using edge devices for Distributed Denial of Service (DDoS) attacks.

How can banks win this cybersecurity arms race and ensure resiliency in the face of possible attacks? This can only be achieved through collaboration, automation, and standardized controls for more secure cloud deployments.

Collaborate: Make intelligence sharing a key defensive weapon

Organizations in the financial sector believe that an attack on one is an attack on all. Thus, many financial institutions around the world have committed to sharing intelligence about threats and vulnerabilities to protect the infrastructure of the entire financial system.

Their efforts have been buoyed by frameworks and guidelines that have been created to improve information-sharing on cybersecurity incidents within the financial industry. For example, the Switzerland-based Financial Stability Board’s Achieving Greater Convergence in Cyber Incident Reporting features 16 recommendations on the collection and sharing of cybersecurity information between financial institutions. In the United States, the Securities & Exchange Commission’s cybersecurity rules require registrants to disclose cybersecurity incidents and the steps they took to mitigate those incidents.

The calls for greater transparency herald a new age of collaboration among banks. While intelligence-sharing across borders remains difficult to do in Asia, where geopolitical dynamics often hamper regional data exchange, it’s become more commonplace and easier to do in insular environments like the European Union (EU), the United States, and other countries. These areas are leading the charge for better cybersecurity within the financial sector, and technology plays an important role in their efforts.

Automate: Reduce attack response and remediation times

The Digital Operational Resilience Act (DORA) is a great example of a government mandate that puts technology at the forefront of risk management. Although created specifically for the European financial sector, it serves as a good cybersecurity blueprint for financial services organizations in all countries, including the U.S.

DORA calls out “the existing high level of interconnectedness across financial entities, financial markets, and financial market infrastructures” as areas of concern. Like the FRBNY report, it notes that localized cyber incidents could quickly spread throughout Europe’s entire financial system.

According to the EU, one way to prevent this from happening is to contain the damage by “implementing automated mechanisms to isolate affected information assets.” Financial organizations must be able to quickly and automatically identify the source of an attack, isolate and remediate it, stop it from spreading, and recover quickly.

Security managers can work with developers to create automation protocols designed to detect and prevent intrusions, build and maintain enterprise firewalls, and more. For example, open-source projects like the Ansible infrastructure-as-a-service platform offer simple-to-use, pre-built playbooks that let teams quickly create automated security tasks. Once deployed, these tasks can help financial organizations significantly reduce the time it takes to discover and contain potential intrusions and remain resilient in the wake of an attack.

Standardize: Unify cloud controls for better resiliency

DORA also cites the “potentially severe” risk to the financial services industry if a cloud service provider that hosts many banks were to become compromised. Indeed, the issue of cloud concentration risk – the danger that a security breach of a single cloud service could result in potential disruptions and data breaches for many organizations – is a real concern that must be addressed.

Yet again, the open source community, along with members of the financial community, is addressing this issue by creating cloud security controls. In 2023, the Fintech Open Source Foundation (FINOS) announced a collaborative project to standardize controls for public cloud deployments in the financial sector. The goal, according to FINOS, is to “develop a unified set of cybersecurity, resiliency, and compliance controls across the major cloud service providers.” Many financial institutions, including Citi, Morgan Stanley, the Royal Bank of Canada, and others are involved in the project.

The FINOS project is just one example of the open source community’s efforts to provide all organizations, including financial institutions, with better security and control over cloud deployments. The efforts stem from the community’s unwavering commitment to transparency, intelligence-sharing, collaboration, and using cutting-edge tools to mitigate risks.

It’s not a coincidence that these are the same ideals that the financial services industry is also embracing. They are, after all, the core tenets that will protect all organizations against escalating cybersecurity risks, and they are the keys that will help financial institutions stay secure and resilient against current and future threats.

  • Richard Harmon

    Dr. Harmon is the Global Head of Financial Services at Red Hat. He joined Red Hat in December 2020 and has more than 25 years of experience in capital markets with specializations in risk management, advanced analytics, fixed income research and simulation analysis. Prior to working at Red Hat, Dr. Harmon was managing director of financial services at Cloudera for 5 years and has held senior positions at Citibank, Bankers Trust, J.P. Morgan, BlackRock, Bank of America and Countrywide Capital Markets, First American CoreLogic, and SAP.