Cybersecurity lessons from the financial sector: Unpacking decades of defence

For decades, the financial sector has been a prime target of cyber-attacks, a trend that started well before the recent spike in data breaches across other industries. To keep pace with the evolving tactics of cyber criminals, financial institutions have had to continuously hone their cyber defence mechanisms. Orro's Director of Cyber Services, Manuel Salazar, offers insights into what SMEs can learn from a sector that's become battle-hardened in the face of relentless cyber threats.

By Manuel Salazar – Director of Cyber Security Services, Orro

Amidst a surge of cyberattacks on various industries, the financial services sector stands out – not as a cautionary tale, but as a paragon of cyber resilience. Why? Because banks and financial services institutions have been the playground for hackers for decades, long before customer data became the new gold rush.

Their hard-earned wisdom, gained from extensive experience, offers a blueprint for SMEs as they grapple with the reality that attackers often view them as the low-hanging fruit due to their lack of cybersecurity measures.

From past to present: Adapting to new realities

For the financial sector, the early days of cybersecurity were about protecting transactions, but the scope has expanded to secure sensitive personal information. With each year’s technological leaps, the financial services industry has adapted to protect its assets from the evolving tactics of cyber criminals.

Take, for example, the early adoption of multi-factor authentication and malware protection — the financial sector’s pioneering moves are now standard protocols. Or the progressive evolution from mainframe systems focused on transactional security to today’s multifaceted digital battleground demanding data protection, identity verification, and robust response strategies.

The sector is well ahead in using advanced tools and technologies like Endpoint Detection and Response (EDR) and Security Information and Event Management (SIEM) systems. By remaining vigilant, financial services organisations are able to leap into action at the first sign of trouble, keeping the impact of cyber incidents to a minimum.

Unfortunately, many SMEs are still playing catch-up. The adoption of Essential Eight cyber mitigation strategies is starting to become more commonplace, yet there’s much ground to cover to match the financial sector’s strides. The fundamental difference? Banks and financial services institutions have traditionally had both the capital and the regulatory imperative to shield their domains. By contrast, SMEs have lacked similar mandates or resources, leaving them more vulnerable to cyber-attacks.

However, as the landscape changes and regulations tighten, so too must the cybersecurity strategies of SMEs.

A roadmap drawn from decades of vigilance

Hindsight is indeed 20/20, and the journey of financial institutions provides SMEs with a vital guide to achieving cyber resilience.

The hidden power of regular system patching

One of the most critical but underrated practices in cybersecurity is regular system patching. Financial services organisations have staunch systems in place to keep their software up to date, patching any holes that could leave them vulnerable to hackers. For SMEs, taking a cue from this practice means placing system updates at the heart of their cybersecurity strategy.

Authentication and access: Making sure trust is earned, not given

From multi-factor authentication and biometric validation to role-based access controls, financial services have set the gold standard for data protection.

Nowadays, the traditional over-the-counter approach to verification is being replaced with zero-trust models, meaning identities are confirmed before doors are unlocked to sensitive information.

For SMEs, adopting the tried-and-tested methods of financial services companies is a smart play. A great place to start is implementing MFA and solid password policies to protect against data breaches that stem from stolen credentials. With special access rules, SMEs can significantly reduce the risks of internal threats.

Encrypt your data like a bank

Data encryption is not just an extra layer of security in the financial sector — it’s the norm. Encrypting data, not just while in transit, but while it’s parked, lays down a fundamental layer of defence against data breaches. That’s why banks and financial services are using the latest encryption technologies like post-quantum cryptography to safeguard sensitive data from being intercepted.

The key takeaway for SMEs is that encryption should be foundational in cybersecurity efforts. Ensure sensitive data is encrypted and secure communication channels are implemented to protect data from ending up in the wrong place.

Spot endpoint weaknesses before troublemakers do with EDR

Staying on top of cybersecurity is a game of speed and smarts. One of the ways financial services businesses stay ahead in the game is with endpoint detection and response (EDR) solutions. EDR serves as the ever-present watchful eye over every device that connects to a network. Its purpose is to quickly spot anything out of the ordinary and disarm threats in real time before they can do serious damage.

Endpoint protection is essential, irrespective of company size. By deploying EDR systems, SMEs can create an environment where employees can safely engage with digital assets, knowing that even if a threat bypasses one layer of defence, others are in place to counteract it. It’s important to note that an endpoint protection strategy should include additional protection measures like firewalls, data encryption, and MFA.

Better to outsmart the problem than fix it: Predictive capabilities give you the upper hand

Cybersecurity is, by nature, a fast-paced and constantly evolving discipline. The techniques and tools that businesses use have to change rapidly in response to emerging threats.

That’s why financial services companies have invested heavily in AI, allowing them to receive early warning signals of impending cyber threats. AI’s ability to sift through vast amounts of data and flag irregularities significantly outperforms older methods that are less dynamic, enabling businesses to stop threats in their tracks before they lead to catastrophic events.

A vital lesson for SMEs here is that foreseeing an attack can make all the difference. AI-powered cybersecurity solutions are far more financially accessible today, so SMEs don’t have to miss out.

Creating a cyber savvy workforce with regular training

Beyond the technological advances and protocols, there’s a recognition that the human element is both a vulnerability and a frontline defence.

Data breaches are not always a result of sophisticated cyberattacks. They often come about because someone clicked on a malicious link, gave their credentials away to a scammer, misconfigured a system, or failed to patch a system in a timely manner. According to the Office of the Australian Information Commissioner (OAIC), human error was the source of one in four data breaches in the first half of 2023.

That’s why financial services companies devote so much effort to cultivating a vigilant workforce through regular training. By teaching their employees to recognise, report, and resist phishing scams, social engineering attempts, and other threats, these organisations seek to maintain an impenetrable culture of security awareness. With human error as a significant threat vector, SMEs should similarly invest in creating a cyber savvy workforce.

Security is only as strong as its weakest link: A lesson in third-party vigilance

Due to the interconnected nature of products and services in a digital world, exposure to third-party risks is something the financial sector knows all too well. Much of the sector’s operations depend on third-party vendors, who might have access to sensitive data. Financial organisations combat these risks with vendor risk management policies and routine security audits.

As SMEs similarly rely on third-party vendors for various services, the takeaway is clear: vet your vendors. Ensure they are transparent about how they adhere to cybersecurity standards and best practices. Your partners need to be as committed to cybersecurity as you are in order to safeguard your enterprise.

Incident response plans: Making sure you’re ready for anything

Having experienced their fair share of cyber challenges, the financial sector recognises the importance of having a solid plan for when things go wrong — because they will go wrong. They regularly test and fine-tune their incident response plans, which cover everything from spotting threats and preparing their team for action, to wiping out those threats and bouncing back quickly.

For SMEs, there’s a key takeaway — don’t just rely on prevention tactics. Instead, create a bespoke plan that lays out the specific steps that need to be taken when a data breach happens.

An effective incident response plan should detail the following:

  • Preparation: Strategies to assess risks and prepare your team
  • Detection: Systems used to quickly spot any threats
  • Containment: Solutions to stop threats from spreading
  • Eradication: Methods to quickly find and eliminate the threats
  • Recovery: Procedures for restoring operations with little disruption
  • Post-incident analysis: The process of gathering findings and using them to strengthen security for the future

Simplifying cybersecurity: The all-in-one solution for SMEs

The financial sector has not only shaped the architecture of modern cybersecurity; it has breathed life into its very essence, moving beyond mere transactions to securing an entire ecosystem. What SMEs should take away from this is that cybersecurity isn’t just a checklist item, it’s about adapting to new challenges as they come.

But adapting doesn’t mean you have to manage everything on your own. The advent of Orro and SentinelOne’s extended detection and response (XDR) managed service marks a significant leap toward levelling the playing field, offering smaller businesses the same cybersecurity assurance as enterprises with deep pockets and expansive IT departments.

At the heart of the XDR managed service is SentinelOne’s Singularity Data Lake, an autonomous security solution that unifies endpoint protection, cloud security, and identity threat detection and response. It’s the first such solution in Australia that keeps all data within national boundaries, ensuring full compliance with stringent cybersecurity regulations.

Complementing SentinelOne’s technology, Orro offers Security Operations Centre capabilities to provide 24/7 monitoring and incident response services, meaning swift action can be taken in case of security incidents, without having to develop these capabilities in-house.

You can enjoy peace of mind knowing your cybersecurity is managed by experts who have decades of experience working with Australia’s biggest financial services companies. Together, we’ve seen it all and we know what’s coming.

Learn more about Orro’s SentinelOne-powered managed XDR service.
