All banks share the same key responsibility—to manage and protect the financial assets of its customers. No matter if they are the neighborhood bank, or the size of JPMorgan Chase, this key responsibility doesn’t change. Yet, risk doesn’t play favorites when it comes to the size of banks.
Sure, larger financial institutions will have more assets to protect, more employees to monitor, more customers to satisfy, more branches to secure, and ultimately, more points of entry to keep safe. But they also have the largest security budgets, SOC teams, and resources to maintain things under control. And if worse comes to worst—as it happened a few years back with one of the largest banks in the world—having $2 trillion in assets to fix the problem comes in quite handy.
The same can’t be said of SMB banks and credit unions. An attack is an attack, is an attack—no matter if your bank serves 10,000 customers or 100,000,000 customers. The difference is that while a larger bank may be able to bear the costs and withstand the fallout from a cyberattack, an SMB bank or credit union could be forcefully wiped out of its existence by the same incident.
Big vs. Easy Payouts
Hackers are well aware of the disparity between the number of resources allocated toward IT and security operations—be it staff, tools, or training—that large banks have vs. small and mid-sized banks. That’s why they’ve recently turned their attention away from the Banks of America and into the Banks of Name-Your-Town-Here.
In fact, the 2017 Verizon Data Breach Investigations Report (DBIR) revealed that 61% of the incidents and attacks reported were perpetrated against small and medium businesses, with financial institutions ranking as the most frequent target of attacks.
Whereas the payout of infiltrating the networks of a large bank to steal account information and other confidential data could lead to quite the bonanza, the amount of time and effort it could take to circumvent their security traps may require either a skilled or an extremely persistent hacker. Seen as an easier target, with more blind spots to latch onto, hackers looking for a quick reward are rather trying their luck with SMB banks and credit unions.
Scaling Your Security Team
With smaller budgets come smaller security teams, and often times, less experienced. The cybersecurity talent shortage means that there is greater demand for cybersecurity expertise than there is offer, resulting in higher costs for seasoned experts, and forcing banks with smaller budgets to compromise size of team for expertise of team members—if not both.
Getting hit with thousands and sometimes millions of alerts each day brings smaller security teams to a point of acquiescence—when they reluctantly accept that they can’t handle all incoming alerts and that many will remain ignored, even those tagged as ‘high priority’. This is where automated security solutions come in very handy.
The security industry has long had mixed feelings for the automation of security workflows. “No robot will ever be as good as a human!” many think. But if the manufacturing industry would’ve thought the same way before the industrial revolution, the supply of many of today’s goods wouldn’t suffice to meet the needs of a growing population (ecology aside).
The same goes for security teams in the financial industry with an urgent need to scale to address the growing number of threat alerts they receive. When done properly, automation would not only streamline a workflow, it would add value to it. The more common capability in security automation tools is the ability to consolidate incoming alerts from threat detection tools. But this step is of little use if it’s not helping you automatically investigate each alert, and do so in a way you could rely on the results. That’s why having deep visibility into activity across the enterprise and using that to correlate incoming alerts is critical in thoroughly investigating events and being able to trust the tool’s assessment of them. Without it, you wouldn’t be able to rely on what the tool assesses as a high priority threat or as a false positive.
Automation doesn’t stop there. Response and remediation is just as critical, and the ability to automate this part of the workflow—with the flexibility to do so manually, when needed—can truly help scale a smaller security team. At the end of the day, they will have gone through their incoming alerts, and even have ample time to do threat hunting or proactively identify vulnerabilities, turning an understaffed team at a small or mid-sized bank into a fully staffed SOC, no additional hires required.
Bottom line: It Pays for Itself
Not every bank is the size of Citigroup. But when you combine the cost savings of not requiring expensive and hard-to-find security talent, with a noticeable reduction in risk and costs of post-breach damage control, tools that not only automate the security workflow from beginning to end, but also provide thorough visibility into everything that’s taking place in the enterprise, will pay for themselves in almost no time. It’s time the SOCs of SMB banks and credit unions feel as confident about their security posture as that of HSBC’s, especially when it makes financial sense.
Did we just give financial advice to financial advisors? Yes, yes we did.