4 Ways Financial Institutions Make the Most of Cyber Threat Intelligence
Financial Institutions Are Bombarded by Cyber Threats Today
If you’re in banking, insurance, or another financial sector, then it won’t come as a shock to hear that the range and severity of threats you face are some of the worst of any industry. In fact, financial institutions were the most attacked sector in 2020 based on the data breaches Flashpoint observed on cybercriminal forums, accounting for nearly one-fifth (19%) of all observed breaches.
Converging business and technology trends are also upending how FIs approach the way they protect their organizations today. For Koral Anderson, former Chief Security Officer (CSO) of Deutsche Bank, one of the biggest issues facing her team is “…the evolution of credit card theft and retail account takeover (ATO) into wholesale financial attacks.” Anderson added that threat actors “attacking business processes from the inside” and targeting the bank’s clients are two other mounting threat vectors for the security team and the global financial institution they’re tasked with protecting.
Four Practical Ways Financial Institutions Make the Most of CTI
For security and fraud teams to leverage CTI effectively, they must first advance their understanding of what it does and move past outdated notions of CTI as a generic security or threat “feed.” Cyber threat intelligence today offers far more to teams than a passive source of information, and is leveraged most effectively when teams implement CTI with specific, concrete objectives in mind. For guidance on designing your program’s CTI initiatives and tracking its performance through tangible metrics, read: 3 Threat Intelligence KPIs to Win Your ROI Business Case.
Below, we highlight four of the most valuable ways FIs can apply cyber threat intelligence. The key element for each of these is in designing the CTI objective up front, building on the existing operational structure and outcomes where possible.
1) Supercharge Security Operations and Analytics
Even small and mid-sized financial institutions face an onslaught of cyberattacks that could rival any other Fortune 500 organization. As a result, SOC analysts and incident response (IR) teams are drowning in this sea of noise generated by all of the inbound alerts and incidents they need to triage.
Equipped with cyber threat intelligence, analysts can sift through the false-positives and false-negatives more efficiently, prioritizing event severity more accurately through the additional threat context CTI provides. Clear understanding of threat actor tactics, techniques, and procedures (TTPs) makes it easier to assess event relevance and its potential impact, while easy API integrations with indicators of compromise (IOC) and common vulnerability and exposure (CVE) enrichments ensure full 360-degree visibility is available directly in the SIEM, SOAR, TIP, vulnerability management, or other tool of your choosing.
2) Detect and Mitigate External Threats Faster
Increasingly, many of the threats targeting banking, insurance, and other financial institutions today can be discovered and neutralized more quickly when first detected externally online. Through continuous and tailored monitoring, you automate the detection of new external threats and exposures that put your data, assets, and people at risk.
With cyber threat intelligence, financial institutions receive immediate notifications and can take rapid action to mitigate any external threat, including:
- Typosquatting and phishing sites. Track the near infinite permutations of your domain and brand names. Then whenever a new or previously benign domain activates into a malicious phishing site, you can execute rapid takedowns through one-click platform requesting.
- Compromised credentials. Monitor your organization’s exposure to all of the massive historical and new breaches that expose your employees’ and your customers’ sensitive data and login credentials online, which leaves them vulnerable to attacks like account takeovers (ATOs).
- Insider threats. Where do insiders go with their valuable stolen information? Online and on deep and dark web communities, well-outside the purview of the organization. Leverage CTI to identify cybercriminal recruitment efforts seeking out insider accomplices and monitor for active insiders as they attempt to sell your sensitive and strategic data to the highest bidder.
- Third-party risk. Due to breaches like SolarWinds and Accellion, thousands of organizations were left exposed in recent months as vulnerabilities were discovered in the third-party applications and services they were using. With CTI in hand, security teams can monitor for emerging vulnerabilities and conduct threat assessments to perform due diligence and more actively track third-party vendor and supply chain risks.
3) Mitigate Payment and Credit Card Fraud
On average, financial institutions suffer an estimated $300 loss, per stolen credit card. These losses add up quickly when you account for the near 45% hike in reported losses from card fraud, comparing 2019 to 2020 (271,927 vs. 393,207) based on research from the U.S. Federal Trade Commission (FTC).
To combat escalating payment and credit card fraud threats, financial institutions can leverage the only unified card fraud dashboard and analytics on the market. Fraud teams gain access to all of Flashpoint’s compromised card datasets with integrated reporting and features like benchmarking metrics, centralized BIN management, and flexible tagging for efficient reviewing and triage.
4) Prepare Your Ransomware Response
Ransomware attacks continue to plague organizations of all sizes and industries. Just recently, the ransomware group “DarkSide” compromised Colonial Pipeline, taking its systems offline for close to a week and, as a result, disrupted the gas supply for over 5,500 miles of the US southeastern corridor. Far from its only ransomware victim, DarkSide’s targets are more commonly in financial services and technology sectors. As high-profile ransomware attacks continue to make headlines, it’s important to note that these events are only a small portion of the total number of incidents when accounting for the many other ransomware attacks that get kept private.
Irrespective of how secure you believe your financial institution to be, it’s wise to plan for crises scenarios. Prepare and test your ransomware response plan should the unthinkable happen with a ransomware attack or a different variation of cyber extortion strike your organization. When assessing your response readiness, make sure to evaluate your ability to acquire necessary cryptocurrency funds, to perform secure and safe transactions, and to adequately assess the threat actor’s motives and likelihood to follow through on its ransom threat should choose not to negotiate.
Bonus: Collaborate with Financial Institutions in a Trusted Peer Community
Now more than ever, financial institutions need ways to collaborate with industry peers and share threat information in quick, safe, and reliable formats. Especially during fast-developing incidents, rapid insights and contextualized attribution is crucial to properly assess your risk exposure and determine appropriate next steps. Through both information sharing and analysis industry groups, like FS-ISAC, and more actively curated sharing channels, like Flashpoint’s information-sharing group “FPCollab”, these active forms of strategic and tactical collaboration are absolutely and increasingly essential.
Turn Insight into Action with Flashpoint
Sign up for your demo now! See firsthand the many ways Flashpoint helps banking, insurance, and other financial institutions stay protected and can equip you with the actionable threat intelligence you need to identify and respond to brand, fraud, and cyber threats wherever they reside.