You Can Bank on Banking Breaches

FireEye is no stranger to banking breaches. Banks and other financial institutions have long been common targets for cyber criminals, and through the years FireEye has helped these organizations respond to what would become some of the most highly publicized breaches.

News reports on sophisticated cyber attacks against banks and the financial systems that support the banking industry have become more abundant since early March. FireEye has developed a white paper that outlines actions banks should take to protect against the types of threats being reported in the media.

This white paper offers tips that will help organizations remain resilient to advanced threats. Here are just some of our recommendations:

• Properly Manage Credentials: Nearly every breach we respond to involves credentials being stolen and abused, so banks should protect them accordingly – especially administrative credentials.
• Implement Proper Segmentation: Most network segmentation is implemented and monitored improperly, giving banks a false sense of security.
• Data Segregation: Production data should not be put into development, test and QA systems, as these systems are often accessible with lower privileges or are in less secure environments.
• Collect Evidence: Forensic measures should be in place for all critical network assets and applications.
• Test Your Exposure: All critical systems should be thoroughly tested for security prior to production deployment, and tested whenever configuration changes are made to the operational environment. Consider red teaming as opposed to just vulnerability assessments.
• Move from a Security Operations Center (SOC) to a Cyber Defense Center: SOCs simply respond to security alerts, while a Cyber Defense Center is equipped to detect, hunt for, respond to, and contain advanced threats.
• Ensure Detection of Sophisticated Threats: Banks must have the security technology to detect all types of attacks, credential abuse and attacker lateral movement.
• Use Intelligence: Threat intelligence can improve the quality of detection and the speed of incident response.

These recommendations may sound familiar, but that’s kind of the point. They are based on observations from our consultants responding to financial services breaches around the globe, and they reflect the weaknesses we see time and time again in the real world. We all know that data should be segregated and credentials should be well managed, but this basic hygiene often doesn’t get enough focus.

FireEye believes security needs to be viewed as a process that constantly evolves over time in response to the changing threat landscape. Currently, attackers rely on weak authentication to breach the networks of financial services organizations. Stolen credentials, combined with weak access controls, provide adversaries with access to critical assets such as data, people and systems. Defending against such attacks comes down to two key aspects: ensuring the right defensive controls are in place, and having a breach plan that enables a swift and effective response, thus minimizing any impact.

While breaches are inevitable, financial institutions can take steps to protect an industry that plays an important part in our lives.