Overview
Cybersecurity in banking is an increasingly expensive challenge for financial institutions, as the threat of cyberattacks increases. This is due to a multitude of factors, such as complex systems that expose more points of vulnerability to attackers, higher costs when attacks are successful, and a spike in the overall number of attacks.
Together, these factors have led to growing premiums for institutions to insure themselves against attacks, and greater vulnerability for those that aren’t increasing protections at pace with the threat.
In this article we lay out 3 categories of threats to cybersecurity in the banking industry, what’s changed to make the threat more urgent, and the capabilities needed to combat each type of threat.
Software supply chain threats to financial institutions
Software supply chain attacks compromise software developers' systems or products, inserting malicious code into trusted software pipelines, updates, or dependencies. This approach sidesteps conventional security, exploiting users' trust in official updates to deliver malware or achieve unauthorized access, and is a threat to application development.
Why are software supply chain threats to financial institutions urgent now?
Software supply chain attacks—which can cause both financial and reputational damage—are becoming more frequent:
- In the past 3 years, the average annual number of software supply chain attacks has gone up 742%.
- 45% of organizations will experience supply chain attacks by 2025.
- Software supply chain compromises cost 8.3% more and took 8.9% longer to identify and contain than other breach types.
- Ransom payments for attacks are increasing 71% year-over-year.
What do you need to combat software supply chain threats?
Although no system is ever 100% secure from any security threat, these protective practices help organizations proactively combat software supply chain attacks. Organizations need a tool to:
- Analyze applications and the code base to identify critical issues, then offer fixes to mitigate vulnerabilities and risk.
- Customize and automate build pipelines, scan images for vulnerabilities, and deploy in a state that blocks suspicious builds from poisoning pipeline executions.
- Offer high-fidelity threat analytics to pinpoint and prioritize security issues to help expedite incident response and improve security posture in software delivery.
Cloud security threats against financial institutions
Cloud services are a key tool many financial institutions use to modernize their systems. However, this adoption of cloud services comes with an abundance of new challenges and threats. "Cloud" refers to the hosted resources delivered to a user via software. These resources—along with all the data being processed—are dynamic, scalable, and portable.
What’s changed that makes cloud security threats more urgent for the banking industry?
Cloud security threats are more urgent now because more of the overall technology estate of the financial sector is now housed in the cloud. This practice is increasing as organizations seek to reduce cost and become more nimble. These new attack vectors can create reputational risk and potential sanction from regulators if there are lapses in managing risk.
What do you need to combat cloud security threats?
Responsibility for cloud security is shared between the financial organization and the cloud services provider, but both sides should be cognizant of the following capabilities:
- Threat detection, intelligence and response
- Configuration and policy management
- Key management and encryption
- Surveillance and observability
- Software supply chain security
Data security threats against financial institutions
Data security threats are attacks that put privileged data at risk of falling into unauthorized hands. This includes threats to both data accessed at rest (e.g., an unauthorized user logging into a place they are not meant to access) and data captured in motion (e.g., an unauthorized user capturing data in transit between two authorized sources).
What’s changed that makes data security threats more urgent for the banking industry?
While the primary target for data security threats is still users and user error, the attack vectors have become more sophisticated, numerous, and costly. This is paired with an increasing need for on-demand data as mobile platforms and remote work increase the need for high-speed, ubiquitous access to data. More specifically, threats on data have become more urgent because:
- In 2020, the average person on Earth created 1.7MB of data each second, creating more opportunities for attackers to take advantage.
- Advances in artificial intelligence (AI) and machine learning (ML) are allowing for more sophisticated attacks.
- Many recent attacks have exploited expanded data access, such as the SUNBURST attack that revealed the financial data of 5.2 million Marriott customers.
What is needed to combat data security threats?
One of the key capabilities needed to combat data security threats is to take a zero trust approach to security. It is an approach to designing security architectures based on the premise that every interaction begins in an untrusted state. Within this context, trust boundaries must be kept as small as possible, and no access should be authorized beyond what is needed to complete the transaction.
In the United States, President Biden's Executive Order on Improving the Nation's Cybersecurity (EO 14028) requires federal civilian agencies to establish plans to drive adoption of Zero Trust Architecture.
Zero trust is based on two key foundations:
- De-perimeterization: De-perimeterization decouples trust from location. Users need to be able to access organizational data from anywhere and, because of transitions to the cloud, that data can itself be anywhere, so enterprises are no longer defined by geographic perimeters.
- Least privilege: When interactions cannot inherit trust based on name or location, every interaction is suspect. Least privilege refers to the practice of restricting access to only those resources absolutely necessary, i.e., the "least" privileges necessary for an activity.
In order to implement a zero trust model, an organization must adopt these critical components:
- Single, strong source of identity for users and non-person entities (NPEs).
- User and machine authentication.
- Additional context, such as policy compliance and device health.
- Authorization policies to access an application or resource.
- Access control policies within an app.
These components are largely focused on making identity-based access policies default to "deny-all" and "allow-by-exception."
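A small sketch of a deny-all, allow-by-exception access decision that chains the five components listed above. It is an added example, not Red Hat's code or any product's API; the identity list, policy table, field names, and sample requests are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Request:
    principal: str          # identity of a user or non-person entity (NPE)
    authenticated: bool     # outcome of user/machine authentication
    device_compliant: bool  # additional context: policy compliance, device health
    resource: str           # application or resource being accessed
    action: str             # operation requested inside the app
    # Deliberately no network-location field: trust is decoupled from location.

# Single source of identity (constructed sample).
KNOWN_IDENTITIES = {"alice", "bob", "svc-batch"}

# Allow-by-exception: anything not listed here is denied (constructed sample).
# The action sets keep each grant to the least privilege needed.
ALLOW = {
    ("alice", "payments-api"): {"read"},
    ("svc-batch", "ledger-db"): {"read", "write"},
}

def decide(req: Request) -> tuple[bool, str]:
    """Evaluate one request; every check fails closed."""
    if req.principal not in KNOWN_IDENTITIES:
        return False, "unknown identity"
    if not req.authenticated:
        return False, "not authenticated"
    if not req.device_compliant:
        return False, "device out of compliance"
    actions = ALLOW.get((req.principal, req.resource))
    if actions is None:
        return False, "no authorization policy (deny-all default)"
    if req.action not in actions:
        return False, "action exceeds granted privileges"
    return True, "allowed by exception"

def audit(requests):
    """Return the denial reason for every rejected request, in order."""
    return [(r.principal, r.resource, reason)
            for r in requests
            for ok, reason in [decide(r)] if not ok]

if __name__ == "__main__":
    sample = [
        Request("alice", True, True, "payments-api", "read"),
        Request("alice", True, True, "payments-api", "write"),
        Request("bob", True, True, "ledger-db", "read"),
        Request("svc-batch", True, False, "ledger-db", "write"),
    ]
    for entry in audit(sample):
        print(entry)
```

An authenticated, compliant identity such as `bob` is still denied because no exception names it, which is the behaviour that separates a deny-all default from a perimeter model.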
How Red Hat helps combat cybersecurity threats in the banking industry
Red Hat’s core solutions are enterprise-tested and ready to be used in an environment that focuses on security.
Here are some of the key solutions Red Hat offers to help with cybersecurity in the financial services industry:
Red Hat Trusted Software Supply Chain
Red Hat® Trusted Software Supply Chain is a set of cloud services powered by Red Hat® OpenShift®, which enhances resilience to software supply chain vulnerabilities. As part of this solution, two new cloud services, Red Hat Trusted Application Pipeline and Red Hat Trusted Content, join existing Red Hat software and cloud services, including Quay and Advanced Cluster Security (ACS).
Red Hat Advanced Cluster Security for Kubernetes
Red Hat Advanced Cluster Security (ACS) for Kubernetes is the pioneering Kubernetes-native security platform. This platform can equip organizations with the power to more securely build, deploy, and run cloud-native applications. The solution helps protect containerized Kubernetes workloads in all major clouds and hybrid platforms, including Red Hat OpenShift, Amazon Elastic Kubernetes Service (EKS), Microsoft Azure Kubernetes Service (AKS), and Google Kubernetes Engine (GKE).
Security automation with Red Hat Ansible Automation Platform
Red Hat® Ansible® Automation Platform uses playbooks, local directory services, consolidated logs, and external apps to integrate IT security teams and automate their security solutions, allowing them to investigate and respond to threats in a coordinated, unified way.
Red Hat OpenShift Service Mesh
Red Hat OpenShift Service Mesh provides a uniform way to connect, manage, and observe microservices-based applications. It provides behavioral insight into—and control of—the networked microservices in your service mesh. Gain access to comprehensive application networking security with transparent mTLS encryption and fine-grained policies that facilitate zero-trust networking.