John Yang, Vice President of APJ at Progress | 11 March 2022

How to Find and Prevent Breaches with Logs, Maintain Compliance
A whopping 35% of all data breaches impact Financial Services organizations, according to Forbes. These companies contain a treasure trove of valuable data, and intensely complex financial IT systems with their huge number of interconnections offer ample ways for cybercriminals to break in.
“Financial services firms are 300 times more likely than other companies to be targeted by a cyberattack,” the Boston Consulting Group argued. “Dealing with those attacks and their aftermath carries a higher cost for banks and wealth managers than for any other sector.”
These attacks seemingly never stop, and many incidents stem from employees failing to follow their company’s policies on security and data protection.
COVID has only made this worse, argues Fintech News. “COVID-19 is blamed for a 238% increase in cyberattacks in FinTech, with 80% of firms worldwide increasing their digital security infrastructures,” Fintech found.
In this dire situation, how can Financial Institutions address their pain points?
Financial services firms face multiple security and compliance issues, including:
- Compliance: Taking improper care of data leads to compliance violations and fines.
- Identities and Authentication: Financial institutions must not only control employee access to data; the IT systems themselves must also be protected through proper credentials.
- Security: A financial institution breach is front-page news, invading customer privacy and harming the organization’s reputation.
The solution to all these problems is up-to-date network monitoring.
Compliance
Reporting is critical to compliance efforts. Reporting keeps IT aware of potential problems that could result in a breach, and in the case of an incident, compliance requires reporting on what exactly happened. Network monitoring handles both by collecting, analyzing and even archiving the logs that tell the story of what happened on the network.
Identities and Authentication
Cracking an internal IT system is hacker gold. The network monitoring solution, for instance, shows all the network elements as well as how and by whom they are configured and used. Protect this vital resource with tight credentials based on user identity and strong authentication.
Find Breaches Fast
With a modern network monitoring tool, you can set up email notifications and alerts for changes to the configuration of network devices, and audit configuration against defined policies. Advanced tools also let users view and compare device configurations in the device properties page, and configuration backups can be automated for any device that supports Telnet or SSH, so a lost configuration can be restored.
Monitor Network for Suspicious Activity
The ideal solution will give the FI complete visibility into the status of network devices, systems, and applications, showing network devices, servers, virtual machines, cloud and wireless environments in context. Users should be able to click on any device to get immediate access to a wealth of related network monitoring settings and reports so that they can see how everything is connected and get answers faster.
Similarly, FIs need a solution that provides detailed visibility into their network traffic to see which users, applications, and protocols are consuming bandwidth. This insight allows the user to set up bandwidth usage policies, and detect unusual usage that could indicate a security issue.
The most advanced solutions can also help you avoid the negative consequences of accidental or malicious network device configuration changes with a configuration management add-on that sets up network devices to send an SNMP trap to trigger a notification whenever a configuration changes. Action policies in the alert center can even be set up to automatically initiate a backup, add or remove users, or update firmware.
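The two capabilities described above, detecting that a device configuration changed and auditing the new configuration against defined policies, can be illustrated with a small check routine. The following is an added example, not code from the article or from any Progress product; it assumes the SNMP trap has already been received by the monitoring platform and that the platform then pulls the current configuration and hands it, together with the last backup, to this check. Device names, configuration text and the policy rules are constructed for the example.

```python
import difflib
import hashlib
import re

# Constructed sample: the last backed-up running config of a (fictional) core router.
BASELINE_CONFIG = """\
hostname core-rtr-1
service password-encryption
ip ssh version 2
line vty 0 4
 transport input ssh
 login local
logging host 10.0.0.50
"""

# Constructed sample: the config pulled from the same device after the trap fired.
# Someone re-enabled Telnet on the VTY lines and dropped the remote syslog target.
CURRENT_CONFIG = """\
hostname core-rtr-1
service password-encryption
ip ssh version 2
line vty 0 4
 transport input telnet ssh
 login local
"""

# Hypothetical policy: (description, line regex, whether a match MUST be present).
POLICY = [
    ("SSH v2 enabled", r"^ip ssh version 2$", True),
    ("VTY lines accept SSH only", r"^\s*transport input ssh$", True),
    ("Telnet not accepted on VTY lines", r"^\s*transport input .*telnet", False),
    ("Remote syslog configured", r"^logging host \S+", True),
    ("Password encryption on", r"^service password-encryption$", True),
]


def config_fingerprint(config):
    """SHA-256 of the config with blank and comment lines removed.

    A changed fingerprint is what should drive the "configuration changed"
    notification, so cosmetic whitespace edits do not wake anyone up."""
    lines = [ln.rstrip() for ln in config.splitlines()
             if ln.strip() and not ln.lstrip().startswith("!")]
    return hashlib.sha256("\n".join(lines).encode()).hexdigest()


def config_diff(baseline, current):
    """Unified diff of backup vs current config, for the alert body and audit trail."""
    return list(difflib.unified_diff(
        baseline.splitlines(), current.splitlines(),
        fromfile="baseline", tofile="current", lineterm=""))


def audit_config(config, policy=POLICY):
    """Return the descriptions of every policy rule the config violates."""
    violations = []
    for desc, pattern, must_be_present in policy:
        present = any(re.search(pattern, ln) for ln in config.splitlines())
        if present != must_be_present:
            violations.append(desc)
    return violations


def check_device(baseline, current):
    """What the monitoring platform would record when a change trap arrives."""
    changed = config_fingerprint(baseline) != config_fingerprint(current)
    return {
        "changed": changed,
        "diff": config_diff(baseline, current) if changed else [],
        "violations": audit_config(current),
    }


if __name__ == "__main__":
    result = check_device(BASELINE_CONFIG, CURRENT_CONFIG)
    print("changed:", result["changed"])
    print("\n".join(result["diff"]))
    print("violations:", result["violations"])
```

The fingerprint decides whether a change notification goes out at all; the diff gives the responder the exact lines that changed; the policy audit turns "something changed" into "something changed and it now violates rule X", which is the message worth acting on (and, for compliance, the record of what exactly happened).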
Of course, none of these capabilities matter much if the user is not getting actionable alerts and reporting from their network monitoring solution. That’s why it’s critical to choose a solution with a robust alerting system that can let the team know as soon as things start to go awry.
Common mistakes
Alert overload: It may sound counterintuitive but it is true – less is more. A perfect example is a financial institution whose monitoring tool repeated the same alert every two minutes. When a system became unavailable, they’d get an email alert – even when it was only down for a minute. Every two minutes after that, the network monitoring tool kept emailing. They got so used to it, people started ignoring the alerts. When there are too many alerts, people tune them out.
Make sure emails only go out when someone has to log in and do something. If an email is being sent from the monitoring system, but no one had to log in and do something – this is spam and the system should be reconfigured.
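The rule just stated, email only when someone has to log in and do something, can be enforced in the alert logic itself rather than left to the recipients. The following is an added example, not code from the article or from any monitoring product; it assumes two-minute availability polls like the ones in the story above, a hypothetical five-minute grace window before an outage is announced, and at most one reminder per hour while it stays open. The device name and poll results are constructed.

```python
from dataclasses import dataclass
from typing import Optional

# Hypothetical thresholds: how long a system must stay down before anyone is told,
# and how often (at most) an open incident is re-announced.
DOWN_THRESHOLD_SEC = 300      # a blip shorter than five minutes is nobody's job
REMINDER_INTERVAL_SEC = 3600  # at most one "still down" per hour


@dataclass
class DeviceState:
    down_since: Optional[float] = None   # first failed poll of the current outage
    notified_at: Optional[float] = None  # last time a human was emailed about it


def process_poll(state, device, ts, is_up):
    """Return the notification this poll result warrants, or None."""
    if is_up:
        if state.notified_at is not None:
            # Only outages that were announced get a recovery message.
            state.down_since = None
            state.notified_at = None
            return "RESOLVED %s: reachable again at %d" % (device, ts)
        state.down_since = None  # blip ended before anyone was told: silence
        return None
    if state.down_since is None:
        state.down_since = ts    # start the grace window, say nothing yet
        return None
    if ts - state.down_since < DOWN_THRESHOLD_SEC:
        return None              # still inside the grace window
    if state.notified_at is None:
        state.notified_at = ts   # first announcement: someone must act
        return "DOWN %s: unreachable since %d" % (device, state.down_since)
    if ts - state.notified_at >= REMINDER_INTERVAL_SEC:
        state.notified_at = ts   # incident still open, one reminder per hour
        return "STILL DOWN %s: unreachable since %d" % (device, state.down_since)
    return None                  # already announced, nothing new to do


def run_polls(polls):
    """Feed (device, timestamp, is_up) poll results through the suppression logic."""
    states = {}
    sent = []
    for device, ts, is_up in polls:
        msg = process_poll(states.setdefault(device, DeviceState()), device, ts, is_up)
        if msg:
            sent.append(msg)
    return sent


def naive_alert_count(polls):
    """How many emails the 'alert on every failed poll' configuration would send."""
    return sum(1 for _, _, is_up in polls if not is_up)


def sample_polls():
    """Constructed two-minute polls: a one-poll blip, a 72-minute outage, then recovery."""
    return [("core-sw-1", ts, not (ts == 120 or 360 <= ts <= 4680))
            for ts in range(0, 5041, 120)]


if __name__ == "__main__":
    polls = sample_polls()
    for msg in run_polls(polls):
        print(msg)
    print("naive configuration would have sent", naive_alert_count(polls), "emails")
```

On the constructed sequence the naive configuration emails 38 times (one for the blip, then every two minutes for the outage); the suppression logic sends three messages, each of which corresponds to a change in what the recipient needs to do: start working the outage, note that it is still open an hour later, and stand down. Every other poll is state the system already knows about, which is exactly the spam the text above says to reconfigure away.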
Help or hindrance
The systems designed to help – IT alerting tools – can overwhelm IT. Ovum research into banks found that 40% get hit with an average of 160,000 mistaken, redundant, or irrelevant alerts every day. The culprit is alert overload from myriad security tools. Ovum found that 73% of banks had at least 25 separate security tools.
The answer clearly is to implement a network monitoring solution that intuitively addresses all the Financial Institution’s compliance, authentication and security challenges on a single platform.