The increasing importance of cybersecurity in banking

Cybersecurity in banking is an increasingly expensive challenge for financial institutions, as the threat of cyberattacks increases. This is due to a multitude of factors, such as complex systems that expose more points of vulnerability to attackers, higher costs when attacks are successful, and a spike in the overall number of attacks.

Together, these factors have led to growing premiums for institutions to insure themselves against attacks, and greater vulnerability for those that aren’t increasing protections at pace with the threat.

In this article we lay out 3 categories of threats to cybersecurity in the banking industry, what’s changed to make the threat more urgent, and the capabilities needed to combat each type of threat.

Cloud services are a key tool many financial institutions use to modernize their systems. However, this adoption of cloud services comes with an abundance of new challenges and threats. "Cloud" refers to the hosted resources delivered to a user via software. These resources—along with all the data being processed—are dynamic, scalable, and portable.

What’s changed that makes cloud security threats more urgent for the banking industry?

Cloud security threats are more urgent now because more of the overall technology estate of the financial sector is now housed in the cloud. This practice is increasing as organizations seek to reduce cost and become more nimble. These new attack vectors can create reputational risk and potential sanction from regulators if there are lapses in managing risk.

What do you need to combat cloud security threats?

Responsibility for cloud security is shared between the financial organization and the cloud services provider, but both sides should be cognizant of the following capabilities:

• Threat detection, intelligence and response
• Configuration and policy management
• Key management and encryption
• Surveillance and observability
• Software supply chain security

Data security threats are attacks that threaten privileged data falling into unauthorized hands. This  includes threats to both data accessed at rest (i.e., an unauthorized user logging into a place they are not meant to access) and data captured in motion (i.e., an unauthorized user capturing data in transit between two authorized sources).

What’s changed that makes data security threats more urgent for the banking industry?

While the primary target for data security threats is still users and user error, the attack vectors have become more sophisticated, numerous, and costly. This is paired with an increasing need for on-demand data as mobile platforms and remote work increase the need for high-speed, ubiquitous access to data. More specifically, threats on data have become more urgent because:

• In 2020, the average person on Earth created 1.7MB of data each second, creating more opportunities for attackers to take advantage.
• Advances in artificial intelligence (AI) and machine learning (ML) are allowing for more sophisticated attacks.
• Many recent attacks have exploited expanded data access, such as the SUNBURST attack that revealed the financial data of 5.2 million Marriott customers.

What is needed to combat data security threats?

One of the key capabilities needed to combat data security threats is to take a zero trust approach to security. It is an approach to designing security architectures based on the premise that every interaction begins in an untrusted state. Within this context, trust boundaries must be kept as small as possible, and no access should be authorized beyond what is needed to complete the transaction.

In the United States, President Biden's Executive Order on Improving the Nation's Cybersecurity (EO 14028) requires federal civilian agencies to establish plans to drive adoption of Zero Trust Architecture.

Zero trust is based on two key foundations:

• De-perimeterization: De-perimeterization addresses decoupling of trust from location. In a world where users need to be able to access organizational data from anywhere, and because of transitions to the cloud, that data can be anywhere, enterprises are no longer defined by geographic perimeters. 
• Least privilege: When interactions cannot inherit trust based on name or location, every interaction is suspect. Least privilege refers to the practice of restricting access to only those resources absolutely necessary—i.e. the "least" privileges necessary for an activity.

In order to implement a zero trust model, an organization must adopt these critical components:

• Single, strong source of identity for users and non-person entities (NPEs).
• User and machine authentication.
• Additional context, such as policy compliance and device health.
• Authorization policies to access an application or resource.
• Access control policies within an app.

These components are largely focused on being able to default identity based access policies to "deny-all" and "allow-by-exception."

Red Hat’s core solutions are enterprise-tested and ready to be used in an environment that focuses on security.

Here are some of the key solutions Red Hat offers to help with cybersecurity in the financial services industry:

Red Hat Trusted Software Supply Chain

Red Hat® Trusted Software Supply Chain is a set of cloud services powered by Red Hat® OpenShift®, which enhances resilience to software supply chain vulnerabilities. As part of this solution, two new cloud services, Red Hat Trusted Application Pipeline and Red Hat Trusted Content, join existing Red Hat software and cloud services, including Quay and Advanced Cluster Security (ACS).

Red Hat Advanced Cluster Security for Kubernetes

Red Hat Advanced Cluster Security (ACS) for Kubernetes is the pioneering Kubernetes-native security platform. This platform can equip organizations with the power to more securely build, deploy, and run cloud-native applications. The solution helps protect containerized Kubernetes workloads in all major clouds and hybrid platforms, including Red Hat OpenShift, Amazon Elastic Kubernetes Service (EKS), Microsoft Azure Kubernetes Service (AKS), and Google Kubernetes Engine (GKE).

Security automation with Red Hat Ansible Automation Platform

Red Hat® Ansible® Automation Platform uses playbooks, local directory services, consolidated logs, and external apps to integrate IT security teams and automate their security solutions, allowing them to investigate and respond to threats in a coordinated, unified way. 

Red Hat OpenShift Service Mesh

Red Hat OpenShift Service Mesh provides a uniform way to connect, manage, and observe microservices-based applications. It provides behavioral insight into—and control of—the networked microservices in your service mesh. Gain access to comprehensive application networking security with transparent mTLS encryption and fine-grained policies that facilitate zero-trust networking.