Harnessing Threat Intelligence To Safeguard Financial Services
Early detection with threat intelligence is vital as the Dark Web’s personal and financial data collection expands.
The financial services sector faces cyber threats, posing significant risks to sensitive data and customer trust. Mike Wilson, founder and CTO of Enzoic, explores how threat intelligence empowers financial institutions to protect their assets.
The financial services sector has long been a prime hacker target, which is no surprise given its proximity to account details and other information that can be exploited for monetary gain. Recent innovations such as mobile banking and third-party applications have expanded the attack surface, making security more critical than ever.
Case in point, 83% of leaders in Bank Director’s 2023 Risk Survey say their cybersecurity concerns are increasing. Adding to this is the staggering cost of a data breach in the sector. According to IBM and the Ponemon Institute, the toll in financial services is 33% higher than the average, coming in at $5.9 million.
With consumer trust such a central tenant of success, it’s essential that financial institutions adopt a more proactive cybersecurity posture that enables them to identify and mitigate threats before damages can occur. Increasingly, savvy banks and credit unions are looking to threat intelligence to stay ahead of threat actors.
Chief Cybersecurity Challenges
Before delving into the benefits of threat intelligence, let’s first take a look at common threat vectors cybercriminals use to target the sector:
Account takeover and credential stuffing
Account takeover (ATO) attacks utilize stolen credentials to obtain unauthorized access to customer or employee accounts. Threat actors rely on various methods to fuel ATO attacks, including phishing emails, social engineering, and credential stuffing. The latter tactic automates guessing login credentials and is extremely successful due to the pervasive problem of password reuse.
Once a cybercriminal successfully obtains account access, they can transfer money, initiate fraudulent transactions, or use it to fuel additional data breaches or IP theft against the company.
Phishing
Phishing campaigns aim to trick users into providing sensitive information or acting in ways that jeopardize security. With nearly 28% of phishing attacks globally targeting financial institutions, it’s clear that the industry must do more to protect against this threat vector.
Worryingly, recent innovations in AI make it more difficult to spot phishing attempts. For example, poor grammar, once a hallmark of these campaigns, can no longer be relied on thanks to generative AI.
Ransomware and infostealers
Ransomware is another cyber threat on the rise within financial services, with the volume of attacks growing to 64% last year—nearly doubling the 34% reported in 2021.
Unlike ransomware, where information is held hostage, infostealer attacks happen behind the scenes and can be deployed by threat actors with limited technical abilities and means. Yet again, the financial services is one of the most targeted industries.
Shining a Spotlight on the Dark Web
The Dark Web ultimately plays a role in furthering all the threats outlined above. The anonymous, encrypted network routes traffic through nodes worldwide, obscuring users’ digital footprints.
In addition, the term is often used to refer to other cybercriminal forums and marketplaces operating on the Clear Web and Telegram, for example. Hackers can easily trade and obtain stolen credentials, financial account details, and other sensitive data on all of these sites. Dark Web sources are extraordinarily difficult to police effectively, and the repository of stolen information grows with every new breach.
Username and password pairs are among the most popular data sets available, with over 24 billion credentials in circulation. A recent CrowdStrike report found that advertisements from access brokers selling passwords, session tokens, and other ways to compromise a company grew almost 20% year over year in 2023. In this environment, financial institutions must deploy threat intelligence to prevent Dark Web data from being weaponized against them.
Addressing Credential Vulnerabilities
According to the 2023 Data Breach Investigations Report, 80% of breaches involve stolen credentials, and strengthening the password layer is one of the most critical steps in combating Dark Web threats.
There are various reasons behind compromised credentials’ enduring popularity as a threat vector—for one, people practice terrible password hygiene, with more than 60% of Americans using the same one for numerous accounts and 13% employing one password for everything.
Legacy policies such as time-based resets and mandated complexity are also to blame, as studies show these lead to weaker passwords that hackers can then guess.
See More: Session Token Theft: The Growing Threat of Cybersecurity
Modernizing Password Security with Threat Intelligence
For these and other reasons, the National Institute of Standards and Technology (NIST) recommends companies abandon legacy password management approaches and focus on credential exposure. We recently worked with an Oregon-based credit union to help them adhere to NIST’s guidelines.
The organization was eager to improve password security and free its helpdesk from burdensome resets and empower employees to be more productive; the password reset cycle had become a significant resource drain.
The credit union replaced time-based resets with a modern screening solution that vets credentials against a real-time Dark Web database at every login. This ensures the company’s password security reflects the latest breach data, enabling it to act at the first sign of compromise.
In addition, the credit union can achieve NIST compliance and allow its IT team to focus on other security priorities as the screening and remediation are handled automatically in the background.
Threat Intelligence in Action
Eliminating compromised credentials is just one example of how threat intelligence can help financial services companies improve their security posture. The Dark Web is also rife with exposed personally identifiable information (PII), payment card data, cryptocurrency wallets, and other sensitive information that hackers can use to compromise individual customers and financial institutions alike.
To protect against the significant financial and reputational damages resulting from a data breach. Organizations must be much more proactive in identifying these and other exposed data sets.
Today’s evolving security landscape means threat intelligence is no longer a nice-to-have but a critical tool in companies’ arsenal, as early detection is vital in warding off a successful attack.
How can organizations leverage threat intelligence to enhance cybersecurity strategy? Let us know on Facebook, X, and LinkedIn. We’d love to hear from you!
Image Source: Shutterstock
MORE ON THREAT INTELLIGENCE
