- January 20, 2022
- Posted by: administrator
- Category: Teramind
The financial sector has experienced some of the most notable data breaches in recent years. Between 2017 and 2020, three major players, Equifax, Capital one and Experian, all fell victim to attack. These data loss events affected hundreds of millions of consumers and cost the affected companies hundreds of millions of dollars. The need to strengthen cybersecurity in the financial services sector is apparent, but doing so benefits businesses in more ways than one; strengthening data loss prevention also increases productivity, particularly in finance.
How A Data Loss Event Affects Productivity
Often when a cyberattack or data breach occurs, a company experiences a loss in productivity due to the data being unavailable for employees to work with. This loss is so high, it’s cited as the largest contributing factor to the cost of a data breach. Along with lost business and the cost of attracting new customers, lost productivity and company downtime account for 38% of a data breach’s cost. Such associated costs represent the largest share of the cost of a data breach.
Considering the financial sector faces an average cost of 5.72 million per breach, a cybersecurity and data loss prevention plan should include not only how to prevent a cyberattack but also how to lower the associated costs. And lost productivity is one area where costs can be lowered. Approaching cybersecurity in this manner strengthens data loss prevention, increases productivity and lowers a breach’s associated costs.
Strengthening Data Loss Prevention
Building a robust cybersecurity infrastructure in finance considers the types of attacks facing these businesses. In 2021, the two attack vectors that were most prevalent were compromised credentials and phishing attacks. Seemingly different, these two attack vectors have one thing in common: a human element. They rely on human nature to reuse and choose easy to guess passwords and to trust official sounding or looking calls and emails. To best protect against a data breach, financial and banking institutions must protect themselves against such employee vulnerabilities.
To start, promoting a strong password strategy helps defend against credential theft. Requiring complex passwords using a variety of symbols, numbers and letter case should be made a standard practice. These can be further strengthened by requiring employees to change their passwords a few times a year. This measure ensures passwords are fresh and less likely to be reused across employees’ personal accounts.
While password strength is easier to manage, protecting against socially engineered phishing attacks requires a more dynamic approach. Training employees to recognize such attacks is the first step to protecting against phishing. But, as cybercriminals become more sophisticated in their attacks, even the most trained employees may still fall victim to their ploys. This leaves companies in need of secondary measures to help protect their employees and their assets. As a result, a growing number of financial institutions have been adding activity monitoring to their data loss prevention security stacks.
When installed on an employee’s computer or a company’s server, activity monitoring agents detect suspicious emails, track server and sign in usage and block unauthorized data exfiltration attempts in addition to providing activity insights that help promote productivity. Below, we hear from one financial services provider who used a monitoring tool to strengthen data loss prevention and ended up increasing productivity as a result.
Data Loss Prevention & Productivity Use Case
A fintech company providing backend processing of online payments recently experienced the benefits of adding activity monitoring to their cybersecurity plan.
With a mostly remote, async staff, the fintech company knew they needed to protect their company data from vulnerabilities of their out-of-office staff. Wanting to ensure their remote staff’s protection, the company deployed a server-based monitoring agent. This way, when an employee was signed into their server, their actions would be monitored and their assets therefore safer. The server-based monitoring agent provided privacy to their remote workers who used their personal devices for work while still providing the protections the company sought.
The company’s first four months using the monitoring platform was without incident. While there wasn’t any incompliant or risky behavior detected, the workflow of their remote employees became evident; and, after distributing the behavior analysis collected by the monitoring agent to department managers, workflows were improved. While this wasn’t the intended purpose of the monitoring agent, the company welcomed the beneficial byproduct of investing in the monitoring software.
Understanding that their remote employees worked asynchronous, the IT security agents elected to closely monitor location logins via IP addresses being used to access the server. If an unverified or unrecognized IP address attempted sign in, administrators and IT security would be alerted and the attempt blocked.
After months of incident-free usage, the system began pinging admins and security. An unauthorized IP address was attempting access to the server.
Security quickly investigated.
Using the monitoring agent’s recordings of user actions while signed into the server, the investigation unveiled a double threat. A data engineer had fallen victim to a phishing scam and through the scam revealed his employee credentials.
Investigators found that through an email proxy, a threat actor posing as a member of the IT security staff was able to collect the engineer’s sign in credentials not only for the server but also the microsegmented data to which the engineer had access. But because of the location settings, the cybercriminal behind the ruse was unable to sign in and admins were immediately alerted.
The company was able to successfully catch and stop a cyberattack attempt on their systems. By doing so, not only were they able to avoid the hefty costs associated with a data breach, they were able to avoid the downtime employees would have faced had the threat actor been successful in exfiltrating the data the engineer had access to. In addition, the fintech company was able to develop training using this real-life scenario to better educate their staff to avoid phishing attacks in the future as well as reinforce their cybersecurity measures.
In this way, by using an activity monitoring tool on their server to strengthen data loss prevention they increased their company’ long term productivity. They were able to avoid a data breach and therefore the lost productivity that comes along with it.
With financial and banking institutions facing some of the highest data breach costs, stronger measures are needed to provide greater cybersecurity. To best protect their assets, these measures should be structured around the types of attacks most frequently used in data breaches. Doing so not only saves these organizations from the high costs associated with breaches, but works to improve productivity. This is what activity monitoring achieves. Through customizing monitoring to fit employees’ needs and work habits, insights can be gained and attacks can be thwarted, improving productivity and saving the bottom line.
NOTE:: This is article is copyright by Teramind and we are used it for education or information purposes only.