Stronger together: Building a unified front against cyber attacks

By General (Ret.) Keith Alexander, Founder and Co-CEO of IronNet, Inc.

Risk management is a long-standing part of bank operations. With a multibillion-dollar fraud problem (e.g., $25 billion a year for deposit account fraud), managing it is at the top of the risk agenda. More than half of global banks recover less than 25% of fraud losses (KPMG).

To help mitigate this massive business risk, the banking industry was an early adopter of anomaly detection (enabled by AI-driven models) to detect and mitigate fraud. Now it’s time to use that same approach — anomaly detection using behavioral analytics — to fight what is now the greatest risk of all: cyber risk.

Cyber risk is rising in urgency as digital transformation throughout the industry takes hold. We know the cyber criminals are pouncing and that “the financial services industry continually has the highest cost of cybercrime” of any sector (Accenture). 

How bad is it? From 2019 through 2023, banks could lose nearly $350 billion globally due to cyber crimes and attacks. The number of cyberattacks has tripled over the last decade, and financial services continues to be the most targeted industry (IMF). Malicious data breaches cost banks $175 per record of stolen personally identifiable information (Ponemon/IBM).

What are the implications? Financial and intellectual property losses, negative impact on brand reputation and loss of customer trust and loyalty. Community banks are not immune, with 70% ranking cybersecurity as their most important risk. 

Defending together

It’s safe to say that banks — from smaller ones to the largest players — are not engaged in a fair fight. The days of random basement hackers are gone. Bad actors backed by nation-states and highly organized criminal groups are today’s adversaries. They are well-funded and well-coordinated. They are working together. This current state of affairs begs the question, “Why aren’t we defending together?”

Last year, the Texas Bankers Association ISAO asked itself this same question, since defending alone clearly is not working. Now, the TBA ISAO is taking action to bring together member banks to combat cyberattacks as a unified front. It is partnering with IronNet to build a Texas Banks ISAO Collective Defense community where members can leverage IronNet’s AI to detect unknown threats on their networks and, in turn, share visibility of these threats in real time — and anonymously — with others in the Collective Defense community. This community acts like an early warning system for all. It allows smaller banks to leverage the analyst resources of larger stakeholders, while big banks can see early intrusion attempts on less-resourced entities — often a sign of what’s heading their way. 

“With banking institutions under constant threat of cyber attacks, we need to come together to fight back with threat intelligence that is timely, actionable and relevant. IronNet has the technology to achieve this vision; now, it’s up to us to make the mind shift toward Collective Defense for the greater good of all Texas banks,” explained Chris Furlow, president and CEO of TBA, who is passionate about this mission.

Protecting the financial sector

Powered by behavioral analytics that detect threats ahead of the curve and correlate them across the community, Collective Defense is particularly critical for protecting not only large banks but the sector as a whole. Adversaries often move laterally to unravel their attacks or find weak spots from which to infiltrate a larger ecosystem. This is especially true for the financial sector, where even an attack against a midsize bank could have a spillover effect, causing a threat to the solvency of a top five institution.

Armed with broader visibility of automatically correlated threats, analysts gain actionable attack intelligence that reduces false positives, enables them to prioritize alerts, pools investigation resources and shortens time to triage.

This level of collective attack intelligence allows banks of all sizes to detect and remediate previously unknown threats at scale — and with shared resources. 

Consider the cyber talent shortage, for instance. Imagine if your cyber analysts were sharing information about incoming cyber attacks in real time with a dozen other banks’ analysts. Imagine the impact of the force-multiplier effect of those analysts working together, especially given that adversaries are now launching platform-level attacks that hit industries at large, as we saw with SolarWinds.

Actionable attack intelligence — why you need it

| Traditional Threat Intelligence | Actionable Threat Intelligence |
| --- | --- |
| Threat intelligence is what could happen to your organization. | Attack intelligence describes what is happening to your network, or is happening to someone that looks like you, or is happening in your supply chain. |
| Threat intelligence basically tells you there are a lot of cyber adversaries who can do a lot of bad things. | Focused and specific, attack intelligence comes from detecting subtle anomalous use of trusted software, credentials, services and protocols. |
| It is not specific enough and it is not normally timely enough to allow you to focus your limited cyber resources on the threats most likely to impact your business. | Only through anomaly detection and alert correlation in real time will you be able to detect advanced attacks in the early stage. |
| Threat intelligence is typically not timely enough to allow you to take action during the early stages of network intrusion before an attacker moves laterally across your network or reaches the exfiltration or exploitation stage. | Attack intelligence reveals threats, with situational context, in time for you to take action before the threat has a significant impact on your business. |

In contrast to traditional cyber threat intelligence, which remains a long-standing and valuable resource, actionable attack intelligence meets the three criteria needed to allow analysts to better capture and communicate knowledge of unknown threats in time to thwart network attacks in the early stages of intrusion:

  • Timely: You need speed when it comes to both detection and triage.
  • Relevant: You need meaningful threats to emerge from information overload.
  • Actionable: You need situational context around detected anomalies.

Actionable attack intelligence fuels the Texas Banks ISAO Collective Defense community. It exponentially increases your ability to defend against our adversaries, protects capital and mitigates cyber risk. 

Join the TBA ISAO Collective Defense community

Texas Bankers Association members are invited to participate in the IronNet Collective Defense network. 

Participants will receive advanced early detection of threats as seen in network log data within our community and across the broader ecosystem of IronNet customers. IronNet Overwatch Services provides analysis, reporting and alerts across the community. 

For more details on program cost, technical requirements and benefits, please contact [email protected].
