How banks can build cyber resilience and improve compliance with Zero Trust Segmentation

“The frequency and scale of attacks on banking institutions and financial service providers means that simply meeting minimum compliance standards is no longer acceptable to customers, shareholders, or the Board. Building cyber resilience with an ‘assume compromise’ mindset using Zero Trust Segmentation is now a requirement.”

Raghu Nandakumara, Head of Industry Solutions at Illumio  

Banks face many challenges, one of which is complying with many different regulations. Because of the critical importance of the financial sector, regulatory authorities insist firmly on compliance with the prescribed standards. Failure to comply with applicable regulations and guidelines can result in criminal penalties and heavy fines.

The regulatory requirements for financial institutions are complex. Licensed banks in Singapore, for example, are subject to statutory obligations to protect the privacy of customer information, as set out in Section 47 of the Banking Act. Under this section, customer information cannot in any way be disclosed by a bank or any of its officers to any other person except as expressly provided within the Act. The Personal Data Protection Act (PDPA) also provides a base standard of protection for personal data, complementing legislative and regulatory frameworks that are sector-specific.

Regulatory requirements apply to banks of all sizes, but implementing these requirements costs time and money. This is a challenge for smaller banks because the necessary experts are few and the costs put pressure on margins. For large banks, the challenge is not letting the implementation costs get out of hand. In these cases, Zero Trust Segmentation has a significant role to play. 

Moving from prevention to containment 

Zero Trust Segmentation applies the Zero Trust principles of “never trust, always verify” to contain the spread of breaches and ransomware across the hybrid attack surface. It does this by continually visualising how workloads and devices are communicating, creating granular policies that only allow wanted and necessary communication, and automatically isolating breaches by restricting lateral movement proactively or during an active attack.    

You can think of Zero Trust Segmentation like a hotel where each guest has their own key card. An intruder might be able to gain access to the lobby (an acceptable risk), but they can’t access other floors or rooms. Zero Trust Segmentation functions in the same way, ensuring the division of endpoints, clouds, and data centres into segments to protect them from potential threats.   

Compliance and cybersecurity with one solution 

Meeting regulatory requirements is important, but strengthening banks’ security posture is critical. Financial organisations often have a complex IT infrastructure, comprising many endpoints, interconnected systems, and hybrid IT. This makes it hard for security teams to maintain visibility of their entire estate. You can’t secure what you can’t see.

Real-time visibility and a comprehensive view of application traffic and communications are integral to implementing IT security and making policy decisions. Some banks have gone further by augmenting the solution’s mapping capabilities with overlays of results from existing vulnerability scanning tools. In this way, the banks gain insight into the most vulnerable and unpatched servers and connections that attackers could exploit.
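As an added illustration (not from the article or from any vendor's product), the sketch below shows the default-deny allow-list and the vulnerability-scan overlay described above. All workload names, labels, ports and CVSS scores are constructed for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    port: int

# Workload -> (role, environment) labels, as a segmentation map would record them (constructed).
LABELS = {
    "web-01": ("web", "prod"),
    "app-01": ("app", "prod"),
    "db-01": ("db", "prod"),
    "dev-07": ("app", "dev"),
}

# Allow-list of (source role, destination role, port); anything not listed is denied.
ALLOW = {("web", "app", 8443), ("app", "db", 5432)}

# Highest CVSS score per workload, taken from an existing vulnerability scanner (constructed).
MAX_CVSS = {"db-01": 9.8, "app-01": 5.3}

def is_allowed(flow):
    src, dst = LABELS.get(flow.src), LABELS.get(flow.dst)
    if src is None or dst is None:  # unlabelled workload: default deny
        return False
    # Traffic must stay inside one environment and match an allow-list entry.
    return src[1] == dst[1] and (src[0], dst[0], flow.port) in ALLOW

def review(flows):
    """Return (denied flows, allowed flows ranked by the destination's worst CVSS)."""
    denied = [f for f in flows if not is_allowed(f)]
    allowed = [f for f in flows if is_allowed(f)]
    exposed = sorted(allowed, key=lambda f: MAX_CVSS.get(f.dst, 0.0), reverse=True)
    return denied, exposed

# Observed traffic, as a visibility map would report it (constructed).
OBSERVED = [
    Flow("web-01", "app-01", 8443),
    Flow("app-01", "db-01", 5432),
    Flow("web-01", "db-01", 5432),  # skips the app tier
    Flow("dev-07", "db-01", 5432),  # crosses from dev into prod
]

if __name__ == "__main__":
    denied, exposed = review(OBSERVED)
    for f in denied:
        print("DENY ", f)
    for f in exposed:
        print("ALLOW", f, "destination max CVSS:", MAX_CVSS.get(f.dst, 0.0))
```

The ranked list of allowed flows shows which permitted paths lead to the least-patched servers, which is where tightening policy or patching reduces exposure first.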

In addition to meeting compliance regulations, Zero Trust Segmentation also enables banks to make dramatic improvements to their overall IT security posture and cyber resilience, by strengthening defences and minimising the risk of operational disruptions. Research also found that organisations with mature Zero Trust Segmentation strategies are twice as likely to avoid a critical service outage and save $2.1 million on annual downtime costs.  

Boosting cyber resilience in banking 

Cyber resilience is critical for banks as the financial industry has always been a target for cyberattackers. Banks collect enormous amounts of data, including personal information, credit card information, social security numbers, data on investments, loans, and much more. They are essentially the guardians of very important parts of everyone’s digital identity. 

Cyberattackers know this, too, and so cyber threats to banks have increased dramatically once again in recent years. According to the IBM X-Force Threat Intelligence Index 2022, the financial industry was the most affected by cyberattacks for five consecutive years from 2016 to 2020. This is mainly due to the increasing digitalisation of the financial industry. No banking process today runs without digital support. The hyperconnectivity between users, applications, data, and devices increases the attack surface of banks enormously and thus also the cyber risk. 

The rise of ransomware 

A major threat to banks is currently posed by ransomware attacks, which can lock down and paralyse entire IT systems. For banks, these attacks and the resulting business interruptions can threaten their very existence. 

The most worrying thing about ransomware is that it has evolved from simply stealing data to impacting availability. It is no longer just a security problem; it is an operational issue with impacts including extended operational downtime, as well as huge financial and reputational damage.

Banks must therefore take measures to stop attacks quickly. Limiting and containing security breaches is key. This is cyber resilience: the ability to maintain the function of IT systems even in the event of an ongoing cyberattack. To do this, companies must move away from the traditional “find and fix” approach to cybersecurity and focus instead on stopping the spread of attacks and minimising the impact of a breach through breach containment.

Guarding against ransomware and other kinds of breaches has become more than just a cybersecurity problem – it’s now a business resilience challenge at the highest levels. 

 
