Organizations usually take robust measures against outside threats, but leaving internal systems unprotected exposes them to supply chain attacks.
Findings of the IBM study on data breaches in 2020
A study by IBM indicated that 53% of data breaches are financially motivated, so the financial industry is constantly on the cybercrime radar. In other sectors, malicious users get a foothold through social engineering, credential stuffing, and application vulnerabilities.
The finance sector is different, as malicious users primarily compromise internal corporate networks.
The pandemic has accelerated the digital shift, with a focus on secure cloud environments. Cybercriminals also take advantage of this change as businesses move to cloud-based platforms.
Institutions opt for SaaS (Software-as-a-Service), PaaS (Platform-as-a-Service), and IaaS (Infrastructure-as-a-Service), leaving additional vulnerabilities in a multi-layered environment.
The United States Federal Reserve Bank of New York said, “compromising any of the five most active United States banks will result in significant impacts to other banks,” resulting in $130 billion of forgone payment activity.
This makes data breaches even more problematic, as organizations must pay fines and remediation costs in addition to compensating for the lost funds.
These requirements call for a holistic approach.
“Organizations have to strictly authenticate both external and internal users to protect their corporate systems. Financial institutions suffer from internal actors who know the banking system’s inner workings, and state-backed hackers often target them.”
Zero Trust and IP whitelisting, a bottleneck for attackers
To minimize the cyberattack surface area, financial companies establish secure connections for employees and contractors to reach essential assets.
Unconditional trust can be harmful if malicious users compromise the connection.
“Today’s authentication is based on a Zero Trust model, meaning that employees and contractors can only access limited resources for a defined period.”
“Even if their connection is compromised in a supply chain attack, hackers won’t do much harm as they won’t reach the rest of the internal network,” says Gurinaviciute.
The organization can also implement an additional security layer that filters endpoint devices and apps based on their IP address.
With IP whitelisting (also known as an allow list), admins can create a set of trusted employee and third-party devices, granting them access to the corporate network.
This policy complicates the onset of the cyberattack, limiting its surface area. Whitelisting particular IPs can be arduous, especially for smaller organizations like FinTech startups.
Companies can stay resilient by implementing third-party solutions with a centralized control panel for an efficient addition of new devices and applications.
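The two controls described above, Zero Trust access limited to specific resources for a defined period and an IP allow list of trusted devices, can be combined in a single default-deny check. The following is an added example, not code from the article or any vendor; the `Grant` and `is_allowed` names, identities, address ranges and resource names are constructed for illustration.

```python
from __future__ import annotations
import ipaddress
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass(frozen=True)
class Grant:
    """One allow-list entry: who may reach what, from where, until when."""
    principal: str                # employee or contractor identity
    network: ipaddress.IPv4Network | ipaddress.IPv6Network  # trusted source range
    resources: frozenset[str]     # the only assets this grant covers
    expires: datetime             # access ends here (timezone-aware)

def is_allowed(grants, principal, source_ip, resource, now):
    """Default deny: permit only when one unexpired grant matches the
    identity, the source address and the requested resource together."""
    try:
        addr = ipaddress.ip_address(source_ip)
    except ValueError:
        return False              # a malformed address is never trusted
    # Dual-stack listeners report IPv4 peers as ::ffff:a.b.c.d; normalize
    # so the same client is judged against the IPv4 entries.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return any(
        g.principal == principal
        and addr in g.network
        and resource in g.resources
        and now < g.expires
        for g in grants
    )

UTC = timezone.utc
# Constructed sample policy (documentation address ranges, made-up names).
GRANTS = [
    Grant("alice@bank.example", ipaddress.ip_network("203.0.113.0/24"),
          frozenset({"payments-api", "hr-portal"}), datetime(2030, 1, 1, tzinfo=UTC)),
    Grant("vendor-msp", ipaddress.ip_network("198.51.100.7/32"),
          frozenset({"patch-server"}), datetime(2024, 6, 30, 18, 0, tzinfo=UTC)),
]

if __name__ == "__main__":
    noon = datetime(2024, 6, 30, 12, 0, tzinfo=UTC)
    for who, ip, res in [("vendor-msp", "198.51.100.7", "patch-server"),
                         ("vendor-msp", "198.51.100.7", "payments-api"),
                         ("vendor-msp", "198.51.100.8", "patch-server")]:
        print(who, ip, res, "->", is_allowed(GRANTS, who, ip, res, noon))
```

The source address passed to the check should be the peer address of the connection itself; a client-supplied header such as `X-Forwarded-For` is only usable when a trusted proxy sets it.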
Accenture estimates that banks will lose $347 billion to cybercrime in the coming years.
Organizations with strict and robust external authentication shouldn’t overlook the resilience of their internal networks. Cooperation with technology service providers (TSPs), managed service providers (MSPs), and cloud service providers (CSPs) is inevitable.
It brings efficiency and scalability but comes with a cost.
To neutralize possible new attack vectors, financial institutions should review their contractors’ and employees’ access privileges; IP whitelisting is an appropriate first step.