The COVID-19 pandemic saw an increase in digital money transactions, which has become another vulnerability that cybercriminals are ready to exploit. Cybersecurity company Kaspersky advises the financial sector to integrate security and improve threat intelligence capabilities to mitigate any attacks.
“For the large majority of cybercriminals, easy money is the prime motivator,” said Yeo Siang Tiong, GM for Southeast Asia, Kaspersky. “And the financial sector is uniquely positioned to be a target of attacks regardless of season because it’s always where the money is. The growth of digital financial services in the Philippines, like in other parts of the region, is creating new and heightened risks for both service users and service providers. In this case, technology will be the game-changer.”
Referencing the Philippine Banking Sector Outlook Survey, Kaspersky said the finance sector needs to integrate and leverage technology in the next two years, even though the Philippines received a perfect score in the Global Microscope 2020, with regulations set on e-money and basic deposit accounts.
“Digital transformation always presents new challenges, especially for the financial sector,” Yeo said. “The Philippines is in the middle of a digital revolution where the use of online payment gateways and e-wallets is expected to expand. While it is a huge responsibility for banks and financial service providers to secure their virtual systems, investing in the most intelligent solutions is essential as they build their cyber defenses to better protect their customers and their businesses. From a cybersecurity standpoint, threat intelligence is an advanced, specialized framework that the financial sector will significantly benefit from.”
In Kaspersky’s recent IT Security Economics Report, it was found that threat intelligence is considered an area of investment for 41% of enterprises and 39% of small businesses in response to a data breach.
To secure ongoing efforts for digital connectivity, identification, and payments infrastructure, up-to-the-minute threat intelligence feeds play a vital role in keeping tabs on the cyberattacks that grow in both frequency and complexity.
Threat intelligence can identify and analyze cyber threats targeting a business. It is about going through piles of data, examining it to spot real problems, and deploying solutions specific to each discovered problem.
But threat intelligence is not to be confused with threat data, which is a list of possible threats. Threat intelligence is when IT specialists or sophisticated tools “read” threats, analyze them, and apply historical knowledge to determine whether a threat is real and, if it is, what to do about it.
With Kaspersky’s Threat Intelligence Services, organizations are supplied with data feeds that cover phishing links and websites, and malicious objects that target Android and iOS platforms.
Warning on cyberattacks
Since users access digital financial services through smartphones most of the time, banks can easily warn clients about ongoing cyberattack campaigns, which usually involve phishing links in emails posing as the bank.
Feeding this up-to-the-minute, machine-readable threat intelligence into security information and event management (SIEM) systems also enables security teams to quickly launch an automated incident response and easily sort out which alerts must be escalated for further investigation and resolution.
This feed is a collection of data sourced from Kaspersky’s own cloud infrastructure called Kaspersky Security Network, web crawlers, an always-on unique proprietary platform called Botnet Monitoring, email honeypots, research teams, and the company’s global partners.
For industries like financial services, how can threat intelligence be useful? There are three basic things:
- Prevent data loss — a well-structured cyber threat intelligence (CTI) program means your company can spot cyberthreats and keep data breaches from releasing sensitive information.
- Provide direction on safety measures — by identifying and analyzing threats, CTI spots patterns used by hackers and helps businesses put security measures in place to safeguard against future attacks.
- Inform others — hackers get smarter every day, so cybersecurity experts share the tactics they have seen with the IT community to create a collective knowledge base for cybercrimes.
Brute force attacks
From January to April 2020 alone, the average daily number of brute force attacks rose by 24%. In fact, even healthcare organizations and other essential services are being targeted by advanced persistent threat (APT) groups. Not all APT threats are reported immediately, and some are not publicly announced.
Managing threats requires a 360-degree view of your assets. Here’s what to look for in a Threat Intelligence program:
- IOC (indicator of compromise). IOCs are the basis of threat intelligence. An IOC is evidence that can be measured and recognized, like a fever signaling disease in the body. There are many IOC services. To choose the right one, you’ll need to know which threats you are most likely to face.
- Threat data feeds. These provide integrated intelligence by analyzing adversaries and the wider threat landscape. To choose the best one for you, ask: Do we need an APT data feed if we are not a likely target for APT groups? Where is the best place in the IT infrastructure to add the feeds? Should we block threats or just alert the team? Your answers will depend on your organization’s security posture and IT strategy.
- Threat intelligence platform. A threat intelligence platform lets you manage a range of specialist software that supports the different components. What you choose and how you integrate services come down to your budget and business needs. Although there are open-source data feeds out there, you can buy more sector-specific intelligence. It is essential to drill down when you purchase threat intelligence services to make sure the vendor provides a responsive service — both in the quality of data feeds and speed if they’re providing incident response.
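The sketch below is an added example, not Kaspersky's code or feed format. It shows how a machine-readable phishing feed can drive the "block or just alert" decision and the escalation triage described above. The feed schema, the `BLOCK_AT` threshold, the function names and every sample value are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

BLOCK_AT = 90  # assumed policy: block at or above this confidence, otherwise alert only

# Constructed feed entries (hypothetical schema, not a vendor format).
FEED = {
    "login-examplebank.test": {"category": "phishing", "confidence": 95},
    "promo.example.test/verify": {"category": "phishing", "confidence": 60},
}

def normalize(url):
    """Return (host, path) from a URL, accepting defanged forms like hxxp:// and [.]"""
    url = url.strip().replace("[.]", ".").replace("hxxp", "http", 1)
    if "://" not in url:
        url = "http://" + url
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    return host, parts.path.rstrip("/")

def lookup(url, feed=FEED):
    """Try host+path prefixes (longest first), then the host and each parent domain."""
    host, path = normalize(url)
    segs = [s for s in path.split("/") if s]
    labels = host.split(".")
    keys = [host + "/" + "/".join(segs[:i]) for i in range(len(segs), 0, -1)]
    keys += [".".join(labels[i:]) for i in range(len(labels) - 1)]  # never the bare TLD
    return next(((k, feed[k]) for k in keys if k in feed), None)

def triage(events, feed=FEED):
    """Turn proxy events into decisions; escalate hits the user already reached."""
    out = []
    for ev in events:
        hit = lookup(ev["url"], feed)
        if hit is None:
            continue  # no feed match: nothing for the SIEM to raise
        indicator, meta = hit
        action = "block" if meta["confidence"] >= BLOCK_AT else "alert"
        out.append({"user": ev["user"], "indicator": indicator, "action": action,
                    "escalate": ev["status"] == 200})  # 200 = page was served
    return out

# Constructed proxy log events.
EVENTS = [
    {"user": "ana", "url": "https://www.login-examplebank.test/auth?id=1", "status": 200},
    {"user": "ben", "url": "hxxp://promo.example[.]test/verify/step2", "status": 403},
    {"user": "cy", "url": "https://promo.example.test/about", "status": 200},
]
```

Calling `triage(EVENTS)` yields two rows: a high-confidence hit that should be blocked and escalated because the page was already served, and a lower-confidence hit that only raises an alert.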