The unprecedented number of data breaches over the last year has increased investigation of attack patterns and deep post-breach analysis to reveal the root cause. Knowing your IT environment gives you better control over your most critical systems, but awareness of what is going on outside your perimeter gives you the opportunity to proactively prepare for possible cyberattacks. The negative experiences of other market players, especially in the financial sector, may serve as an excellent guideline for identifying existing gaps and strengthening your own security.
Netwrix, the IT auditing company that provides software to maximise visibility of IT infrastructure changes and data access, summarises three recent breaches where financial data was exposed using different patterns and shares some key lessons to mitigate the risk of future incidents:
- Morgan Stanley lesson. This case showed us that the importance of privileged account monitoring shouldn’t be underestimated. Insider misuse has always been a nightmare for security officers because it’s hard to detect and impossible to prevent. The headline-making Morgan Stanley experienced it firsthand when an employee stole customer information on 350,000 clients, including account numbers. To prevent users from taking advantage of their privileges, it is essential to enable continuous monitoring of their activities as well as ensure that employee permissions are properly granted. This will help you ensure that they are not extracting or manipulating data that is not required for their particular business needs.
- Premera Blue Cross lesson. Financial institutions are not the only entities whose financial data is vulnerable to exposure. US Health insurer Premera Blue Cross experienced a cyberattack that compromised the financial, medical and personal data of 11 million customers and all this happened only three weeks after a routine audit that revealed several problems with their network security. The main lesson to learn here is to take compliance regulations more seriously and consider them as a step toward stronger security, rather than a routine task that ends as soon as the door closes behind the auditors. Regular compliance validation is an opportunity to improve security and risk assessment processes as well as prove the adequacy of your internal policies. Because any vulnerability in the IT infrastructure may be exploited by sophisticated adversaries, address security issues that are identified by the auditors immediately, regularly review your internal regulations and update them according to changing threat patterns.
- Bank of Manhattan Mortgage Lending lesson. Despite increased attention to security, practice shows that many incidents are caused by human factors. No matter how advanced your security mechanisms are, they have little value against the negligence of just one employee who unintentionally discloses customer mortgage information, including personal and financial data, which was exactly what happened to Bank of Manhattan Mortgage Lending. Establishing strict security policy is not enough; in a fast-moving cyber risk environment, you need to know exactly who touches sensitive data and why. Visibility across the entire IT infrastructure is not a nice-to-have; it is a need-to-have data integrity factor that provides the necessary level of control to stay proactive in identifying and eliminating critical security vulnerabilities.