Intelligent CISO Issue 75 | Page 42

expert

OPINION
While it may be reasonable to assume that cloud providers provide security by design as part of their platforms, this is sadly not the case.
2032, an attack on the digital systems that facilitate a large majority of payments and transactions would have a huge ripple effect, giving bad actors credibility amongst their peers and providing them great leverage for further extortion.
Confronting an invisible threat
But just as banks once had to deal with ever more sophisticated heist attempts, the tactics of cybercriminals are evolving. Firstly, financial institutions don’t just attract standard hackers – their CNI status marks them as likely targets for nation-state cyberattacks, which often have more time, resources, and far more skilled actors with which to find and exploit blind spots.
Earlier this year, the NCSC issued a warning about one such sophisticated tactic: living-off-the-land attacks. These cloud-borne cyberattacks focus on lateral or ‘east-west’ movement, using defensive weak spots to gain access to vulnerable cloud hosts before moving internally from host to host to find a safe dwelling spot.
Hidden within the organisation’s network, these actors can then bide their time and plan their attack before they act, detecting the most sensitive data stores, analysing the networks for intelligence, and covering their tracks. As hybrid cloud environments grow more sophisticated, financial institutions’ workloads and data become more widely spread across the network. Without full visibility and robust security monitoring, the newfound complexity only breeds more potential blind spots for attackers to hide in.
Securing these landscapes with the right tool strategy is essential, and this must evolve in line with changing IT infrastructure. Financial institutions’ existing security tools, engineered and employed for on-premise environments, rely heavily on data from logs, traces and event files – a fact that living-off-the-land attacks take for granted. The reality is that logs are ‘mutable’, meaning bad actors can manipulate them to mask their activity and lull security teams into blissful ignorance of an ongoing cyber incident.
Today’s financial sector needs additional network visibility to enhance and verify log, event and trace-based intelligence. Only by gaining deep insight into their network traffic, including east-west movement across both the cloud and existing ‘on-premise’ environments, can security teams expose and remediate hidden threats.