The financial sector in Germany is particularly vulnerable to cyber threats. As the current Kaspersky study "Cyber Security: Focus on the Financial Sector" [1] shows, financial organizations consciously rely on a combination of technical solutions, threat intelligence and cyber security awareness on the part of their employees in order to protect themselves comprehensively. The main focus is on threat intelligence: almost every financial company (99 percent) uses a corresponding service.
The digitization of finance, which has increased since the pandemic began, has made the industry even more attractive as a target for cybercriminals. It manages large cash flows and has a huge amount of sensitive customer data from companies and institutions.
Threat intelligence as an important protection element
Companies in the financial sector rely almost universally on threat intelligence services [2], as the Kaspersky study shows. Overall, 99 percent use at least one such service. However, not all companies are actually using the services they would like to use. For example, 57 percent of survey respondents say their organization uses APT Reports to keep up to date with the latest investigations, threat campaigns and techniques from APT actors. Another 28 percent would like such reports to be used. About half of the companies (55 percent) use threat data feeds, and another 32 percent would like to use this tool in the future. Malware analyzes are used by almost two thirds (65 percent) of financial institutions, and 16 percent would like to use them.
Almost every second respondent (47 percent) states that they use security evaluations – for example via the TIBER framework (Threat Intelligence-based Ethical Red Teaming) and tools for detecting targeted attacks (52 percent). More than a third (34 percent) is also of the opinion that their own company should use such technological tools in the future. Accordingly, awareness of the use of threat intelligence services seems to be quite high in the financial sector.
Heavy use of threat intelligence services
"Gartner defines threat intelligence as a key aspect within an enterprise security architecture that helps security and risk management technicians identify, segment, and rigorously investigate threats," said Waldemar Bergstreiser, Head of Channel Germany at Kaspersky. “Today, a reactive approach to cybersecurity is simply not enough, and quality threat intelligence must have a number of characteristics. These include - firstly - a rich context that creates actionable intelligence from data and offers added value, and - secondly - the support of a recognized team of experts with proven experience in uncovering complex threats. Third, the services must be seamlessly integrated into a company's existing security processes. Good threat intelligence frees up internal cybersecurity departments to focus on higher priority goals.”
Technical solutions as a basis
A comprehensive cyber security concept is based on a technological solution that is able to ward off attacks. Therefore, all respondents rely on complex technical solutions: More than half of the respondents (53 percent) rely on external IT security service providers, including threat intelligence services. Almost as many (52 percent) use preventative tools and expertise in-house to detect and analyze cyber threats. 53 percent also use security tools or services to actively protect cloud software and activities. More than a third (37 percent) work with network segmentation, 37 percent even operate their own Security Operations Center (SOC). Almost a third of those surveyed (33 percent) also stated that they use Security Information and Event Management, or SIEM for short, within their company.
Employee training not cross-departmental enough
In addition to an efficient security solution, training employees in cyber security issues is a fundamental part of an efficient protection concept. The importance of regular training sessions seems to have arrived – at least in part – in the minds of decision-makers in the financial industry: In more than half of the organizations (51 percent), 100 percent of all members of the IT department are regularly trained on security topics and procedures. In the other departments surveyed (e.g. executive assistants, marketing, analysts and traders, accounting) things are not looking as good.
More than a quarter of those surveyed (between 25 percent and 32 percent depending on the department) state that less than half of the employees here are regularly trained on IT security issues. But security training is essential in the face of increasing threats to companies. Employees must be made aware of digital dangers and given the knowledge to identify threats in order not to endanger the company through negligent behavior.
Professional training deepens knowledge about malicious software and provides employees with basic knowledge about classifying malware and recognizing dangerous and suspicious behavior and offers interactive tasks in a simulated environment. This will give them the same skills that a proactive incident detection specialist possesses.
Recommendations for protecting financial organizations
- Restrict access to remote management tools from external IP addresses and ensure remote control interfaces are only accessible from a limited number of endpoints.
- Enforce a strict password policy for all IT systems and the use of multi-factor authentication.
- Offer restricted privileges to employees and only grant high privileged accounts to those who need them to do their jobs.
- Provide SOC teams with access to the latest threat intelligence [2] to keep them informed of tools, techniques and tactics used by threat actors.
- Regular creation of backups of all relevant business data. In this way, important data that has been encrypted and made unusable by means of ransomware can be quickly restored.
- Regular employee training courses on cyber security - for example with the help of the Kaspersky Security Awareness Training [3] - is essential to manifest awareness of digital threats within the workforce and thereby sharpen the behavior of each employee.
- Deploy a powerful solution like Kaspersky for Financial Services [4] that provides comprehensive cyber protection and ensures the security of organizations of all types.
[1] https://kas.pr/h2ia The survey was conducted by Arlington Research on behalf of Kaspersky in January 2022. 150 IT decision-makers from the financial sector in Germany were surveyed.
[2] https://www.kaspersky.de/enterprise-security/threat-intelligence
[3] https://www.kaspersky.de/enterprise-security/security-awareness
[4] https://www.kaspersky.de/enterprise-security/finance
About Kaspersky Kaspersky is an international cybersecurity company founded in 1997. Kaspersky's in-depth threat intelligence and security expertise serve as the basis for innovative security solutions and services to protect companies, critical infrastructures, governments and private users worldwide. The company's comprehensive security portfolio includes leading endpoint protection as well as a range of specialized security solutions and services to defend against complex and evolving cyber threats. Kaspersky technologies protect over 400 million users and 250.000 corporate customers. More information about Kaspersky can be found at www.kaspersky.com/