Why should Financial Services organisations automate their threat intelligence

It can often feel like cybercriminals are two steps ahead. The result is that security professionals are constantly creating and updating their security protocols to match the volume of equally sophisticated malware attack vectors being directed at them. This is especially true for cybersecurity in financial institutions, in part because of the value of the data stored, processed and transmitted through these organisations. As cyberattacks become more frequent, executives have to rethink their approach and their cybersecurity solutions budget.

However, the sheer volume and complexity of these attacks on financial institutions have meant that simply adding more one-off security solutions to the stack is no longer sufficient to detect and take steps to remediate intrusions. Instead, in addition to implementing network and perimeter defences, financial services organisations have to provide context to this technology, generated by real-time threat intelligence.

What is threat intelligence?

Threat intelligence is essentially the collection and analysis of data, derived from both local and global sources, to inform and define the threat landscape related to your business. In order to be effective in seeing off cyber attacks, you must first understand the threats that your networked devices and resources are susceptible to. Through analysing the data produced across your network and systems, your organisation will be able to:

  • Determine which of your data and devices pose the highest risk
  • Learn the most popular attack vectors targeting these resources
  • Find the most efficient, effective way to protect your information

In an ideal world, security solutions would be combined with all of the pertinent threat intelligence available to the financial services industry to ensure the end of data breaches. However, this remains impossible as much of this data cannot be effectively correlated or acted upon by the variety of security tools deployed across your network. While it is widely understood across the financial services industry that threat intelligence is necessary, banks and other institutions do not just need threat intelligence. They need actionable threat intelligence. 

When can threat intelligence be counterproductive?

Given the amount of personal data collected and processed by the financial services industry, such as credit card numbers and financial records, there is no shortage of incentives to entice cybercriminals. However, the sheer volume of threat intelligence information can be just as problematic, as this data does not always come in an easily decipherable format. Rather, each bit, byte, or packet must be assessed and formatted so that insights can be drawn from it and acted upon in a realistic amount of time. In addition, much of the data is redundant – meaning it may not apply to your circumstances or, far too often, is of questionable value. Sorting through and filtering the deluge of information often takes more time and resources than are available.

With such volumes of data, the truly pertinent information often becomes lost in the haystack and is overlooked, or false positives result and consume valuable resources. A recent survey compiled by Phantom Security Services and ESG Research found 74 per cent of organisations say that security events and alerts are often ignored as staff simply cannot keep up with the enormous volume. Making matters worse, cybercriminals are learning and evolving their attacks to build automation into malware to make them smarter, more effective and efficient, and harder to detect, which means that the viable response time to attacks is getting even shorter.

Automating your threat intelligence

Threat intelligence has the potential to have an enormously positive impact on financial institutions in their efforts to stay a step ahead of cybercriminals. However, just as criminals have automated the process of finding vulnerabilities, financial institutions must focus on the automation of threat intelligence to inform security updates as quickly as possible. By automating threat intelligence, organisations will be able to ensure any important security alerts or events rise to the top. This allows for the optimisation of security resources with the most up-to-date information on what is occurring within the organisation’s ecosystem.

Modern threat intelligence also needs to include machine and deep learning that can be scaled across an entire integrated security system, rather than to isolated security platforms. A single integrated security framework allows granular visibility into your entire distributed network, and enables you to automate a coordinated threat response across your entire security infrastructure.

As machine learning, AI, and robust threat intelligence become more commonplace among security solutions, having an integrated security architecture in place will be necessary to leverage the insights from these tools. It can be resource intensive to make this intelligence actionable, which is why financial services firms must focus on building a security architecture that allows for the automated analysis and distribution of actionable threat intelligence across an integrated system of security solutions. Once this intelligence has been deployed locally, the next step is to share it across the industry to ensure security solutions can be prepared to detect new and evolving threats for the entire connected industry.


Paul Irvine

Director, Major Accounts UK&I

Fortinet


This post is from a series of posts in the group:

Information Security
