Threat intelligence helps secure finance industry

An emerging practice is helping financial organizations combat cyberattacks

by AT&T Business Editorial Team

The famous American thief Willie Sutton was once asked by a journalist why he robbed banks.

His reported reply? “Because that's where the money is.”

Today, financial firms (and healthcare providers) are among the top targets of cyber criminals. Both sectors collect and store vast amounts of personal and financial data.

According to Thales, more than 42% of U.S. financial services organizations report having experienced at least one data breach, with 12% sustaining multiple breaches. Nearly 24% say they had a data breach in 2017, up from 19% the previous year.

Threat intelligence

One emerging practice helping to combat cyberattacks is threat intelligence (TI).

Gartner analyst Rob McMillan defines threat intelligence as “evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice, about an existing or emerging menace or hazard to assets that can be used to inform decisions regarding the subject’s response to that menace or hazard.” It’s therefore contextual, proactive, and data-driven – all of which are key components of modern digital security best practices.

Data shows the effectiveness of TI: The 2017 Cybersecurity Trends Report sponsored by ISC2 notes that 58% of organizations have reduced security breaches by up to 25% through the use of TI solutions, while another 34% reduced breaches by more than 25%.

By collecting and combining data from myriad sources – including internal security data (aggregated logs, incident details) and external threat intelligence (data feeds, government and law enforcement, industry reports, crowdsourced platforms) – financial firms can create an ongoing threat feedback loop that provides a holistic, real-time view of cybersecurity. This lets them respond to existing threats immediately while anticipating and preparing for future ones.

However, as the SANS Institute notes, “TI is not a simple checkbox item. Establishing a program that learns about and acts upon threats to the organization takes time and effort.”

Cybersecurity in the finance industry

Beyond the challenges of integrating TI into existing security tools and day-to-day operations, financial services organizations must learn to manage and make sense of the huge amounts of data being continually collected.

“Sorting through and filtering the deluge of information often takes more time and resources than are available,” writes Paul Irvine in FinExtra.

This challenge is compounded by the need to decipher data collected from disparate sources inside and outside the network. A TI platform can detect data patterns and threat activity across the network, analyzing traffic in near real time from mobile devices, computers, applications, and data centers, and flagging suspicious activity for review.

Automation accelerates the process of threat detection and resolution, narrowing or shutting windows of vulnerability across the network. For large financial services organizations conducting thousands of transactions per minute (millions per day), this kind of rapid response is critical.

Perhaps more importantly, TI applies machine learning as it analyzes activity patterns. This enables financial services organizations to automatically update threat databases and continually evolve their security posture as necessary.
