Are financial services networks safe?

A recent New York Times article addressed the cybersecurity risks Wall Street and financial services face. The article described the reaction of CEOs from financial institutions when they were invited to a session held in May at the US Congress, when they were asked what they consider to be the biggest threat to the financial system. Rather than the COVID-19 pandemic or factors that led to a crisis like the 2008 meltdown: they all mentioned cybersecurity. 

This coincides with data from the International Monetary Fund (IMF), which warned a few months ago that the number of cyberattacks had tripled over the last decade, and the financial services industry continues to be the preferred target: according to data gathered by the institution, in 2020 there were around 1,500 cyberattacks on banks, whereas there were around 400 back in 2012. 

But one of the concerns raised by the CEOs goes beyond the specific cyberattacks that banks receive every year or threats that their customers fall victim to, usually through phishing: What if a cyberattack managed to infiltrate the entire network infrastructure of a country's financial system? 

Collapse scenario  

This is the question addressed by the New York Cyber Task Force (NYCTF), a group of financial cybersecurity experts led by Greg Rattray, former director of the National Security Council (NSC) and current CISO of JP Morgan. Together with Columbia University, they have produced the report "Enhancing Readiness for National Cyber Defense through Operational Collaboration." 

Four scenarios are put forward in this report. One scenario, described as "severe but plausible,” involving multiple financial institutions, could cause the temporary financial collapse of systems in the US and spread to other parts of the world. In this case, a group of North Korean cybercriminal actors hack into the systems of a third-party service provider, such as a company that provides them with Cloud hosting. Once inside, they load self-replicating malware that reaches a financial institution. As other financial institutions communicate with the infected bank in their transactions, the malware also gains access to their networks.  

The scenario highlights the speed with which this cyberattack could spread throughout the financial system. It also points out as a potential weakness the lack of integration of Cloud service providers in the US cybersecurity response ecosystem. And with respect to the institutions themselves, the report warns that their cybersecurity principally focuses on their perimeter and external threats, but often neglects to protect against supply chain attacks produced by an apparently trusted system. 

Zero Trust and Advanced Firewalls  

The high number of cyber attacks and the NYCTF report indicate that threats are becoming more frequent and dangerous, both for the institutions themselves and for the entire financial system in which they are interconnected. In this context, MSPs must be able to ensure that organizations have comprehensive network security. WatchGuard Firebox advanced firewalls provides total network protection, with a full arsenal of scanning engines to protect against spyware, viruses, malicious applications, data breaches, botnets and much more. 

For financial institution headquarters, Firebox M4800/M5800 appliances are the most suitable, as they serve as the hub responsible for managing and securing the layered security of all communications between the head office and other institutions and between the former and branches and remote employees.  

In addition, the report also highlights that threats can come from any source no matter how trusted it may be. Therefore, MSPs should always start with a "Zero-Trust" approach to cybersecurity strategies for their organizations. WatchGuard's Endpoint Detection, Protection and Response (EPDR) solutions are based on this premise, as they include the Zero-Trust Application Service free of charge and any application or binary, either third party or owned, is analyzed. This will enable organizations to reduce the chances of situations such as the frequent cyberattacks they encounter and avoid financial system collapse scenarios like the one described in the report.