The Financial Sector Can Lead the Charge in Deception Security

This summer, more than one million Capital One clients had their information breached, furthering the financial sector’s infamous reputation of being the most breached industry with 35 percent of all data breaches. However, the driving force is not just that breaches in the financial sector can be lucrative for those attacking, it is also due to the fact that in an effort to meet consumer demands for access to accounts and transactions anywhere, anytime, this industry has moved more quickly than others on the digital transformation journey. In the process, the financial sector has dramatically grown its cyber terrain, and burdened itself with too many unorganized and insecure systems for the millions of transactions it processes daily.

Breach news and metrics jeopardize organizational trust. The industry needs to approach cybersecurity as a bigger piece of its customer experience and as part of its practices. The sector’s current cybersecurity solutions rely on monitoring an abundance of data. This is overburdening security teams that are already under staffed. These solutions are simply unable to effectively monitor the volume of data, nor can they effectively identify problems that indicate malicious or potentially harmful activity. Security professionals are left chasing benign alert after benign alert.

Emerging security technologies like deception security offer a new way to both deter attacks and prevent data loss. Cyber deception relies on building a layer of decoys or hosts that project an appearance of being real machines to confuse and misdirect adversaries. It also offers a way for teams to collect threat intelligence which can be used to improve overall security.

How Deception Security Works

Deception leads an attacker down a harmless path by planting digital fakes called breadcrumbs, and exploitable devices called decoys. The threat actor believes they’re undetected as they move through the network, unaware that the data they mine is fake. Better yet, when a false device is attacked, security teams are alerted so they can watch the intruder dig around and learn from their activity.

Breadcrumbs—in the form of files, email, documents, fake credentials, cookies in the browser or application data—are distributed as bait among real-assets and decoys. As there is no real reason to access the decoys, anyone engaging with a decoy is a potential threat. Once they’ve attracted interest, decoys alert the system of the threat, block the attacker from accessing real assets, and send the attacker off on in a futile search, bombarding them with additional fake services and data for engagement. Meanwhile, security personnel may observe the activity in a safe manner.

This method changes the terrain’s appearance by altering the attacker’s perception of what is exploitable, thereby removing the attacker from the true terrain. This reduces the workload of security teams as they no longer need to go over false alerts. Rather, they can use deception as a starting point to hunting.

Modern deception uses emulation or virtual-machines for decoys and services, and does not increase an organization’s risk profile (does not increase the attack surface). Efforts to deploy deception and administrate it are actually very low, especially when the deception solution is automated. To be clear, a deception system can be largely automated—based on network and asset discovery including decoy creation, decoy and breadcrumb distribution, to adapting to network and resource changes—while alerting security operations of activity on a pre-determined basis.

Any good deception solution is frictionless; it does not interfere with the networking or the process of the organization. Deception tech is a viable means of security and protection to both deter attacks and prevent data loss.

The Stakes in the Financial Industry

To monitor at the network level, IT and security teams at financial organizations need different types of sensors that watch traffic being sent across network, switching and routing fabrics. For example, global companies process millions of transactions internationally so their systems must register accurate account balances no matter the currency used, time of day or location. Protecting this infrastructure is of huge importance. Only a few cybersecurity platforms can handle monitoring the volume and integrity of such traffic.

The financial industry pays the highest cost from cybercrime, about $18.3M per company according to an Accenture survey. Organizations are struggling to effectively integrate security into their infrastructure as is. With the vast number of customer-owned devices connecting to their networks, financial sector organizations will never be able to fully secure their entire terrain via endpoint, middleware and authentication systems. However, achieving visibility across the entire breadth of network traffic forces staff to create new rules and log analysis that can accurately identify an anomaly versus normal network behavior. As adversaries continually evolve their attack methods, this grows increasingly difficult. IT and security staff must keep up with the exponentially increasing network terrain in addition to anticipating how threat actors will evolve their attack methods.

In short, financial organizations can no longer get by fighting security threats as they arise. The Capital One breach itself exposed approximately 100 million people's personal data, including nearly about 80,000 bank account numbers and 140,000 Social Security numbers. Not only can a breach like this become a massive law suit, but it hurts the organization’s relationship with its customers and key stakeholders.

Organizations with mature cybersecurity operations have already begun adopting deception technologies. Many more small- and mediums-sized organizations initiate deployments every day to help support protection of un-managed hosts. Others need to follow suit.

Although deception technology can be used in limited network areas, its true power is best experienced after an organization deploys the solution across its entire cyber terrain – giving organizations a clear view of their attack surface and key vulnerabilities. This eliminates blind spots in which threat actors can potentially hide and better helps financial organizations better protect their entire terrain.

Already a leader in digital transformation and putting customer experience first, the financial industry can also take the lead in cyber security and putting customer protection first. Deception practices can help turn the tables.

In this webinar, we review the rise of cloud access control and access control as a service, its advantages and disadvantages, and how to select the optimal cloud access control solution for your company.

Security leaders need to accept and act on this reality and take measured and thoughtful steps to mitigate the risk and train staff about the growing likelihood of such violent incidents in their facilities and workplaces.