4 Ways Cybersecurity Pros Protect Leading Financial Institutions

Introduction

We’re a cybersecurity firm and we’ve been in the business a long time. This means that it is our job to be aware of best-practices as well as the learnings that come from cybersecurity incidents. Cybersecurity incidents happen all the time. But some months just put a big bright spotlight on the need for strong cybersecurity. Take, for example, the month of October, 2023.

In October of 2023, Spanish airline carrier Air Europa experienced a significant cybersecurity breach. Hackers got the financial info of the airline’s customers, including credit card data. The airline then had to go to their customers and ask them to, each one of them, deal with the headache of canceling and replacing their credit cards.

Also in October of 2023, legendary Biotech company 23andMe suffered a “credential-stuffing attack.” When people are curious about their genetics and ancestry, they send their actual DNA to 23andMe. In this breach, there was theft of actual genetic data.

One more story from that same fateful month of October ‘23. Okta security had to announce a breach of its customer support system that allowed hackers to view some client files. The compromise caused their shares to fall 12%.

We share these three stories to preface this article, which is a look at the ever-evolving tactics cybersecurity pros are applying to help financial institutions. If you are interested in the learnings from some recent real world incidents, and how you can apply these learnings, keep reading.

Threat Detection and Response

What happens when suspicious activity is detected that could indicate a security breach? Your institution would need to initiate an immediate investigation, no matter how late, and then enact security protocols while assessing the extent of the breach. Without having made a plan ahead of time, let alone taken preventative steps, the costs can quickly become quite high. Immediate detection and rapid response will mitigate the threat, and a well-trained team will be able to contain the threat and minimize harm.

End-to-End Encryption Techniques

Encryption secures data by converting that data into meaningless and unreadable code that requires a :”key” to decipher it. Encryption ensures that stored information is inaccessible to unauthorized users, and we do this to protect that data from theft or from exposure to bad actors. When data is being shared (“in transit”), encryption safeguards data as it moves across networks, preventing theft or tampering. In the banking industry, robust encryption standards and protocols are essential due to the sensitive nature of financial data. Standards such as AES (Advanced Encryption Standard) for data encryption and TLS (Transport Layer Security) for secure communication are commonly employed. Banks and credit unions must also comply with regulatory requirements, including PCI DSS, which mandates encryption of cardholder data. Balancing encryption with system performance is vital; while strong encryption enhances security, it can also impact system responsiveness. Banks therefore optimize encryption techniques to secure data effectively without significantly hindering system performance, ensuring both security and efficiency in their operations. It can be tempting to remove steps that are perceived to “slow things down,” but nothing slows things down like a major fall in stock price, and, of course, Upstart Cyber can advise on techniques that ensure security and speed.

Compliance Management

Security awareness and practices should be embedded into every level of your organization. This is the first step of creating a culture of continuous improvement. . Leadership should commit to a culture of security, and should encourage regular training and awareness programs to keep security front of mind for all employees. Cross-departmental collaboration ensures that cybersecurity is not siloed. We need each team to understand whether other teams are by necessity engaged in anything that could raise security concerns. In fact, Encouraging reporting of security concerns without fear of repercussion promotes an environment where potential threats can be quickly identified and addressed. The team must be comfortable talking about questions, issues, or challenges. Implementing a feedback loop from security incidents inside or outside the company will illuminate potential vulnerabilities. In fact, this article is written in part to potentially illuminate vulnerabilities in your organization. We at Upstart Cyber believe in knowing – and share – the latest cybersecurity trends and threats!

A Closer Look at Okta

We shared details of the October 2023 Okta breach. What happened? When Okta discovered the breach, they engaged Stroz Friedberg, a cybersecurity forensics firm. The breach was assessed, contained, and nullified. Then came the learnings. In their final report, here are some of the recommendations made by Stroz Friedberg that you can also apply to your organization:

  1. Ensure admin roles are requested, approved and assigned only to authorized users.
  2. Require “step-up authentication” so that only admins are authorized to perform high-impact actions
  3. Continuously monitor IP to protect against session take-over
  4. Restrict access to prevent stealing of SSWS tokens. (SSWS tokens are secure, limited time tokens used to authorize API requests).

Part of doing business in this “very online” world means we must always assess our cybersecurity measures.We at Upstart Cyber have expertise in everything you’ve learned about in this article and we’d love to talk and hear about you and your unique needs. About: At Upstart Cyber, we believe in elite security for financial institutions of all sizes, large and small, because if your customers are trusting you with their valuable business, you deserve security, protection and peace-of-mind. Contact us to explore solutions that work for you.

About 

At Upstart Cyber, we believe in elite security for financial institutions of all sizes, large and small, because if your customers are trusting you with their valuable business, you deserve security, protection and peace-of-mind. Contact us to explore solutions that work for you.