
The Threat Inside Your Network

Although financial services institutions spend an average of 10% of their budget on cybersecurity, attackers continue to breach their networks and those of their providers. With a reported cost of $5.85 million per breach, cyber criminals are taking advantage of an industry that is busily reconfiguring vulnerable supply chains and working towards offering more digital experiences.

Pre-pandemic, financial institutions were adopting technologies to support digital transformation. Once the pandemic hit, on top of already in-progress transformations, the rapid adoption of remote work prompted a seismic shift in the use of digital services by financial services' customers. This required that some financial enterprises revise policies to accommodate new ways of accessing services, including changing virtual transaction limits and enabling electronic signatures. Now, security and risk teams must assess how they can use these network changes to their advantage and improve security posture on the whole, rather than checking off to-dos on a compliance list.

Security Threat of Supply Chain Attacks

The complexity of the software supply chain increases risk for any organization, and as we have learned from SUNBURST, supply chain attacks are stealthy and destructive.

Third-party connections create a potential vulnerability that is difficult, if not impossible, to detect until it's too late. For attackers, going after an element of the supply chain is an unobtrusive way to infiltrate a broad swath of businesses. This allows them to also employ traditional tactics, such as phishing and email compromise, to deploy malware, ransomware, and DDoS attacks.

As financial services organizations work with third-party providers to meet specific strategic and operational goals, they must also pay attention to the potential risk. Given the volume and sensitive nature of data managed by financial institutions, plus strict privacy regulations and standards, there is a need to balance the operational efficiencies of working with third-party vendors against security, privacy, and regulatory compliance.

Given the many ways for motivated hackers to find their way inside your network, it is critical to understand normal network behavior. To do this, financial services organizations should always monitor the other systems and assets that third-party software is allowed to talk to. That way, if there is unusual activity, such as lateral movement, you will see it.
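One way to implement the monitoring described above, as an added example that is not from the original article or from ExtraHop: learn which peers a host running third-party software normally talks to, then flag any destination outside that baseline. The host address, internal range, baseline window, and flow records are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed flow records (day, src_ip, dst_ip, dst_port); not real traffic.
FLOWS = [
    (1, "10.0.5.20", "10.0.9.10", 5432),
    (1, "10.0.5.20", "203.0.113.50", 443),
    (2, "10.0.5.20", "10.0.9.10", 5432),
    (3, "10.0.5.20", "203.0.113.50", 443),
    (4, "10.0.5.20", "10.0.9.10", 5432),
    (4, "10.0.5.20", "10.0.7.33", 445),     # internal peer never seen before
    (4, "10.0.5.20", "10.0.7.34", 3389),    # internal peer never seen before
    (4, "10.0.5.20", "198.51.100.7", 443),  # external peer never seen before
    (4, "10.0.8.8", "10.0.7.33", 445),      # source is not a monitored host
]
THIRD_PARTY_HOSTS = {"10.0.5.20"}                # hypothetical vendor-software server
INTERNAL = [ipaddress.ip_network("10.0.0.0/8")]  # assumed internal address space

def direction(dst):
    """Label a destination as inside (east-west) or outside (north-south)."""
    addr = ipaddress.ip_address(dst)
    return "east-west" if any(addr in net for net in INTERNAL) else "north-south"

def build_baseline(flows, last_baseline_day):
    """Collect the (dst, port) peers each monitored host used during the learning window."""
    baseline = defaultdict(set)
    for day, src, dst, port in flows:
        if src in THIRD_PARTY_HOSTS and day <= last_baseline_day:
            baseline[src].add((dst, port))
    return baseline

def find_deviations(flows, baseline, last_baseline_day):
    """Return post-baseline flows from monitored hosts to peers outside their baseline."""
    alerts = []
    for day, src, dst, port in flows:
        if src not in THIRD_PARTY_HOSTS or day <= last_baseline_day:
            continue
        if (dst, port) not in baseline.get(src, set()):
            alerts.append({"day": day, "src": src, "dst": dst,
                           "port": port, "direction": direction(dst)})
    return alerts

if __name__ == "__main__":
    learned = build_baseline(FLOWS, last_baseline_day=3)
    for alert in find_deviations(FLOWS, learned, last_baseline_day=3):
        print(alert)
```

New east-west peers from a host that previously spoke only to one database are the kind of deviation worth triaging first as possible lateral movement.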

Responding to Attacks

The security level for any given enterprise depends on how well it is equipped to respond to vulnerabilities and attacks, both at the edge and inside the network. Managing risk in the supply chain requires internal controls, transparency, and due diligence over the security policies and procedures of third-party vendors.

In today's distributed computing environments, visibility across the hybrid network and into third-party practices is a major challenge. It requires a greater understanding of what is connected to the network, such as unmanaged devices and IoT, what services are communicating on the network, and what is considered normal behavior.

Prepare for the Expected

Attacks like NotPetya and SUNBURST are here to stay, and we know that the complexity of supply chains increases security risks for any organization along the line. They reveal the danger of attackers who have free rein and almost unlimited time to move undetected in the network. The key to securing your network and understanding if it has been compromised is to get visibility into the network, coupled with real-time threat detection and the ability to perform investigations both proactively and retrospectively.

Limiting damages and avoiding regulatory fines requires a strategy that includes monitoring network data. While the network will never be impenetrable, the opportunity to stop a breach lies in the ability to detect threats pre-compromise using visibility into both east-west and north-south traffic, detecting vulnerabilities, and spotting unusual behavior before it becomes an attack.

To learn more about how to stop the threats coming from inside your network, read our latest whitepaper The Threat Inside Your Network: Supply Chain Global Risk and Financial Services.
