Cyber Strategy: Don’t Focus on Prevention — Master Resilience

Cyberattacks targeting financial institutions have become increasingly sophisticated, complex, and persistent. Attackers use sophisticated methods such as zero-day exploits, social engineering, and targeted malware — all of which make it difficult to prevent attacks. That concern is compounded by an attack surface that is rapidly expanding and changing, with more than 83% of web traffic today using application programming interface (API) requests.

Even when a financial institution feels that it has locked out all external threats, there is still the risk of cybercrime originating from internal breaches, third-party vendors, and nation-state actors. The last two years have seen a jump of almost 44% in insider threat, with larger financial institutions having a higher likelihood of an internal cybercrime incident.

With the reality of all businesses facing cybercrime, regulatory frameworks and compliance standards will increasingly emphasize cyberattack resilience — not just prevention. The Digital Operational Resilience Act is a clear example, stressing the need for financial entities to demonstrate the ability to withstand, respond to, and recover from cyber incidents.

Why is cyber resilience important? Because proactive preparation and response mitigate damage. That response must go beyond mere prevention, and acknowledge the inevitability of cyber incidents. It should focus on the financial institution’s ability to withstand, adapt, and continue operating in the face of challenges, mitigating further damage and protecting the institution from legal risks due to negligence.

This can only be carried out with a comprehensive and integrated approach to cybersecurity defense with a trusted technology partner. Deploying security controls integrated by a single vendor can help streamline operations and make detecting and mitigating threats easier.

However, chief information officers and other C-suite leaders often need help in determining strategies to mitigate breaches and shorten their impact and duration. Here are several principles to give organizations the best chance to effectively weather attacks.

1. Mind APIs

Understanding all organizational APIs and their risk exposure is crucial for resilience against cyberattacks. APIs serve as gateways for data exchange between systems and external parties, making them potential targets for cybercriminals who seek entry into sensitive networks.

Effective API security must move beyond traditional API discovery to locate API endpoints that are authenticated but still exploitable as part of API sprawl. Understanding the risk exposure covered by APIs allows for proactive threat assessment and the identification of weak points.

This leads to the implementation of appropriate mitigating strategies, which bolsters the financial institution’s cyber resilience, minimizes the attack surface, and decreases the risk of data theft and business disruption.

2. Target the OWASP Top 10 API Security Risks

Prioritizing and ensuring controls that cover the Open Web Application Security Project (OWASP) Top 10 API Security Risks (2023 edition) is a good place to start when your goal is to find and eliminate API vulnerabilities.

Financial institutions can allocate their resources effectively to address the most significant threats by focusing on these key vulnerabilities, reducing the attack surface and potential impact of successful breaches. Implementing these robust controls enhances the overall security posture of web applications, minimizes the likelihood of successful cyberattacks, and fosters a proactive security approach that strengthens the organization’s ability to withstand and recover from potential attacks that could otherwise do heavy damage.

3. Implement always-on distributed denial-of-service (DDoS) protection across the entire attack surface

This important barrier is crucial because such attacks present a considerable risk to the availability and performance of online services. Comprehensive protection across the entire attack surface helps safeguard against potential service disruptions, data breaches, and financial losses, which will bolster the organization’s ability to maintain business continuity, protect customer trust, and effectively respond to cyberthreats.

4. Actively participate in threat intelligence sharing

Join the Financial Services Information Sharing and Analysis Center (FS-ISAC) for access to critical intelligence that will help you stay ahead of threats. Participating in threat intelligence sharing enhances situational awareness and broadens the understanding of the overall cybersecurity landscape. Financial institutions gain insights into industry-specific threats, enabling them to anticipate and prepare for potential risks that may impact their operations and customers.

5. Maintain runbooks and playbooks

Maintaining up-to-date runbooks, conducting tabletop exercises, having playbooks for various zero-day scenarios, and keeping the security operations center playbook updated and accessible are all vital for resilience against cyberattacks. Runbooks provide clear, standardized procedures to respond to incidents promptly and effectively. Tabletop exercises simulate real-world scenarios, allowing teams to practice their response strategies and identify areas for improvement.