Cybersecurity in the financial sector: knowing your enemy
The financial sector is one of the most critical and sensitive sectors. Cybercriminals look to exploit it for large amounts of money and financial information. Attacks exploit any vulnerability (digital or physical) to make a profit by means of extortion, theft, fraud and impersonation. Moreover, the financial sector is a strictly regulated sector that deals with many risks.
The rise of novel technologies leads to new business models. They bring much more efficient ways to manage the information of users and of the entity. However, they also bring new threats that must be addressed accordingly. Cybersecurity is no longer just a cost for financial institutions. It must be naturally integrated into business processes and units so that new technologies can be adopted while maintaining the same (or a lower) level of risk for the entity. New technologies therefore have to be analysed in depth, not only to assess their suitability but also to improve their security. This implies white-hat hacking activities to determine how the bad guys and fraudsters can take advantage of them to perpetrate their attacks.
Nowadays we live in a connected world where attacks are designed, performed and coordinated from different countries. This requires organizations to have as much information as possible about what is happening in terms of cyberthreats (“have new vulnerabilities that affect us been discovered?”), attacks on other organizations (e.g. ransomware attacks), etc. Attackers communicate and share information, so we, cybersecurity engineers, should do the same.
To this end, organizations communicate with specialized platforms for sharing cyber-intelligence information in order to I) stay alert and up to date on the current status of cybersecurity and II) share information about cyberattacks with other organizations or law enforcement agencies (LEAs) while maintaining privacy and data protection. By collecting, aggregating and analyzing information coming from different organizations, financial institutions can prevent incidents, improving their defense against a specific attack that exploits concrete vulnerabilities of devices, tools or processes before it happens. If a financial institution is the target of a particular attack, the rest of the financial sector needs to be aware of it and be able to detect the same attack and prevent it from happening to other financial institutions. Moreover, in those cases time is critical, so an infrastructure is needed to ensure that information flows swiftly.
With that said, it is becoming clearer to the majority of the sector that, in order to improve their cybersecurity, financial institutions need to share threat-related information and consolidate cyber intelligence. So, once we are aware of the need to share the data, the question is: how can it be done in a way that fulfills all the needs identified previously? We need the data to flow quickly, securely and in a trusted way to different organizations in order to preemptively defend against attacks. The answer is to use a platform for cyber-intelligence sharing that automates the collection of data, its protection and its distribution. This is the work we are currently doing in CONCORDIA, with which we aim to have a resounding impact in Europe. CONCORDIA gives us a large network of technical and legal people and researchers, and a link with the financial community, so in later stages we will make this approach extensible to other communities.
(By Jose Francisco Ruiz Rodriguez (Atos), Mario Maawad Marcos (Caixabank), Ramón Martín de Pozuelo Genís (Caixabank), Rodrigo Diaz Rodriguez (Atos))