The finance industry has long been the ideal target for dangerous cyber criminals, holding a treasure trove of sensitive information and financial credentials of innocent victims, but in the wake of the post COVID-19 lockdown period, researchers have found that these institutions are seeing a marked spike in cyberattacks.
The Reserve Bank of India’s recent Financial Stability Report published last Friday details the increase in cyber incidents and claims that it has issued more than ten advisories and alerts in partnership with the India Computer Emergency Response Team (CERT-In) regarding new cyber threats and recommended best practices to adopt.
These increased attacks could be a result of unconventional remote working conditions adopted by financial institutions during the lockdown which has made their networks more vulnerable to cyber threats. To proactively combat against these attacks, the FSR said that CERT-In is currently tracking the latest cyber threats, analyzing critical threat intelligence from various sources, as well as issuing crucial advisories and automated alerts to CISOs.
These alerts include details on the threats at hand and critical security controls and best practices to deploy in order to respond and recover from potential cyber-attacks, all while enhancing cyber resilience across the industry.
Banks and financial institutions must improve their baseline cybersecurity controls in order to proactively strengthen their cyber-networks. NNT recommends considering the following security controls and strategies to help fight against these increasingly targeted cyberattacks:
1. Establish a Secure Baseline
Establishing a secure baseline is a great way to protect your systems from internal and external threats. NNT recommends looking to the experts at the Center for Internet Security (CIS) and grouping your devices by operating system or according to their function in your environment. Then, establishing a secure and consistent configuration baseline for each and documenting and reviewing the configurations. Once the baseline has been established, it’s critical that you keep track of all changes and be notified in real-time of any deviations to your secure baseline. New, more sophisticated attack methods are being used by cybercriminals each day, so setting up an optimal system and keeping track of changes is a first-class approach. To learn how to establish a secure baseline using NNT Change Tracker, read our recent article.
2. Implement the CIS Controls
Did you know that by downloading the CIS Controls, you could reduce cyber risk by as much as 95%? These controls help provide clarity on what you really need to be focusing on in terms of security best practices. These controls are a set of prioritized actions that help organizations defend against today’s most dangerous cyber attack methods by combining key security concepts into twenty actionable controls. These controls start with basic security best practices, formally called the Basic Controls, and moves onto more sophisticated defense techniques in the Foundational and Organizational control set. Learn 6 reasons why you should automate the CIS Controls in this step-by-step guide.
3. Adopt a Risk-Based Approach to Security
Financial institutions are required to meet various regulatory and industry compliance standards, such as PCI DSS, GDPR, SOX, and more. But many businesses assume that addressing compliance obligations sufficiently addresses their cybersecurity posture, a clear misconception. Instead of operating with a false sense of assurance that because you’re compliant, you are secure, NNT recommends adopting a risk-based approach to security to proactively address cyber threats to your business. This approach allows organizations to make smarter cybersecurity investments and avoid unnecessary spending by purchasing solutions that actually increase the effectiveness of your cybersecurity program with controls that target your businesses most vital functions. Download the new Risk-Based Security eGuide to learn how to move away from compliance-led security in order to reduce real risks.
Share this post