If asked what the top industry for cyberattacks is, everyone would likely mention financial services. Banks, specifically, continue to be one of the top targets for cybercriminals, due to the critical assets financial institutions possess – primarily personal customer data and money.
It is one of the most targeted sectors for a reason: the cost of cybercrime is highest in the banking industry, reaching $18.3 million annually per company. But the financial industry is also known to have some of the most mature cybersecurity programs, which translates into quick remediation.
In recent years, we’ve seen a rise in digital banking, which was largely accelerated by the pandemic. This has led to an increased, more complex attack surface for cybercriminals, and more entry points.
In fact, in the first half of 2021 alone, the industry reported 30% more ransomware attacks than in all of 2020. As a result, regulators and cyber insurance underwriters have become stricter, making it vital – and often required – that banks, and the financial industry as a whole, have offensive cybersecurity strategies in place that are tailored to their unique threat landscape.
As financial institutions grapple with adhering to these mandates, many have seen the value of metrics in meeting such strict requirements. There are many ways to use metrics for business success, including determining a company’s IT footprint, measuring time to breach remediation, and tracking the share of revenue prioritized for security measures, just to name a few. In this piece we’ll dive into three of the top metrics cybersecurity experts can use to adhere to regulatory demand.
What is a given company’s IT footprint?
An organization’s IT footprint is anything that gives an accurate depiction of all its assets. These assets can include identity applications (third-party and mobile), IP addresses, vendors, websites, devices, services, locations, and connections.
The financial industry’s assets are vast, making the scope of threats greater than in other industries. However, the financial IT footprint is changing, causing the industry structure to change. Therefore, cybersecurity procedures need to change with it and adopt tools to help them evolve. Tools and technology – such as a configuration management database (CMDB), asset management and attack surface management, among others – can be used on an ongoing basis to help companies identify, track and detect all known and unknown vulnerabilities before they become fatal to the business.
By having technology in place that tracks metrics, set up before cybercriminals pose a potential threat, and by taking inventory of all endpoints, organizations gain a better 360-degree view of their security posture and assets. It also allows business leaders and IT professionals to see how much it costs to manage the organization’s assets. Understanding how much assets are worth now and setting up precautions accordingly is a vital first step in preparation. However, this understanding needs to adapt as the financial industry evolves.
How long does it take to remediate an incident caused by cybercriminals?
Being timely and accurate when communicating a breach is just as important as remediating the aftermath of a cyberattack. To ensure organizations can manage and mitigate their cyber risks in real time, security teams need to measure and track how long it takes to remediate a breach by cybercriminals and consistently relay that information to business decision-makers. This will allow organizations to create a benchmark. Having a system in place that lets IT professionals track how long it takes to fix a critical vulnerability, how long it took to identify the issue, and how long it took to discover the ramifications will give leaders the data needed to see the company’s complete risk profile and understand its resiliency against cyberattacks.
Understanding the overall risk profile also makes it easier to adapt when business changes occur, such as increases in employee size, profitability, or footprint. As these shifts happen, organizations should ramp up and leverage pentesting tools, combined with human expertise, to help find holes in security systems and remediate vulnerabilities before they become a risk to the organization.
How much of a company’s revenue is spent on security? Is that enough of a prioritization?
The banking and financial industries are likely to invest more in cybersecurity programs than any other industry. In fact, it’s expected that their total investment will be more than 30% of all security spending worldwide. But, given the amount of harm that could come to an organization and its customers if breached, financial organizations should be prioritizing increased spending on risk assessment. Security and IT leaders should work alongside the company’s CFO, risk and compliance, and audit teams to track progress over time and determine what percentage of revenue makes sense to allocate to cybersecurity.
This goes back to deploying an offensive security approach and implementing new technologies that will help IT leaders understand the full picture of cybersecurity implications. It’s also vital to understand what revenue is currently being spent on cybersecurity needs, how that number has changed over, say, the last five years, and how many breaches have happened in that span of time. Knowing this, and keeping track of it over time, can indicate how healthy an organization’s security program is and where leaders should focus their resources.
It’s never been more important to be strategic when improving cybersecurity measures in the financial industry. Business leaders need to remain vigilant and ensure they have the proper measures in place – including thinking through how security changes in a remote or hybrid setting and how plans coincide with regulatory requirements domestically and internationally. Additionally, it’s important for leaders to track context over time: as organizations grow or shrink, the risk and possible threats will change. Risk varies with size, financial institution specialty, bank type and location.
Financial cybersecurity is an ongoing effort rather than a one-time fix. Continuously looking at processes and re-evaluating them to improve along the way is essential to creating an offensive security strategy that works – and the metrics chosen to measure will determine the outcome of a potential cyberattack.