Earlier this year, Radware published “From the Front Lines- How a Multinational Bank Handled a Ransom Threat and SSL-based Attack” – a very timely piece describing the risks that large banking institutions face in the current security climate.
However, perhaps lost in the message was the impact to smaller, local financial institutions (think credit unions, currency exchanges, grocery store bank kiosks, and banks on Main Street), and the risks they incur by having insufficient protection against both the most rudimentary cyber-attacks and the extremely complex ones.
In 2016, the financial services industry suffered 44 million cyber-attacks, more than any other industry. Everything from hacktivist-motivated ransomware attacks to Internet of Things (IoT) assaults targeted the financial sector, resulting in hundreds of millions in lost revenue. Much of this is lost in the noise of the large national and international banking headlines. However, the vulnerability gaps for smaller financial entities, and the corresponding opportunity for Managed Security Service Providers to provide them protection, are incredible.
A report by Beazley Breach Response (BBR) Services found that banks and credit unions with less than $35 million in annual revenue accounted for 81 percent of hacking and malware breaches at financial institutions in 2016, a major increase over the 54 percent of incidents they represented the year prior.
Perhaps more than any other industry, security professionals at financial service firms truly are on the frontlines of today’s cyberattacks, combating everything from ransomware attacks to SSL-based attacks.
The Plexiglass at the Currency Exchange is Not Enough
In the simplest cases, cyber-criminals will attack small banks and credit unions to steal money. For example, in Battle Creek, Michigan, a fraudulent wire transfer of $121,000 was reported by the Kellogg Community Credit Union. In this case, police indicated that the attacker hacked the credit union records for another member and changed the contact phone number, so when credit union officials called to verify the transfer they talked with the suspect and not the actual member. Attacks can run the gamut from very straightforward and simple to extremely complex.
Many financial entities deploy a firewall to protect against infiltration from outside their internal network. However, the majority of Distributed Denial of Service (or “DDoS”) attacks are beyond what a firewall can protect against. When stateful devices like firewalls are used in an attempt to prevent DDoS attacks, there is a significant architectural vulnerability. Attacks may trigger a large number of new connections in state tables, and the device needs internal resources to manage that load. These internal resources can easily be overrun in an attack scenario. Additionally, DDoS attacks aren’t simply about connections; they may also include attacks within applications.
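The state-table pressure described above can be checked with a small sizing model. This is an added example, not from the original article; the table capacity, connection rates and timeouts are constructed values, and `simulate` and `max_tolerated_bogus_cps` are hypothetical names.

```python
from collections import defaultdict

def simulate(capacity, legit_cps, flood_cps, half_open_timeout,
             session_lifetime, seconds):
    """Tick-per-second model of a fixed-size connection state table."""
    expiring = defaultdict(int)   # tick -> entries released at that tick
    occupied = peak = legit_dropped = 0
    for now in range(seconds):
        occupied -= expiring.pop(now, 0)
        free = capacity - occupied
        arrivals = legit_cps + flood_cps
        if arrivals <= free:
            ok_legit, ok_flood = legit_cps, flood_cps
        else:
            # Table full: the device cannot tell senders apart, so the
            # free slots are shared in proportion to arrival rate.
            ok_legit = free * legit_cps // arrivals
            ok_flood = free - ok_legit
        legit_dropped += legit_cps - ok_legit
        # Legitimate sessions hold an entry for session_lifetime seconds;
        # bogus connections never complete and linger until the timeout.
        expiring[now + session_lifetime] += ok_legit
        expiring[now + half_open_timeout] += ok_flood
        occupied += ok_legit + ok_flood
        peak = max(peak, occupied)
    return {"peak_entries": peak, "legit_dropped": legit_dropped}

def max_tolerated_bogus_cps(capacity, legit_cps, half_open_timeout,
                            session_lifetime):
    """Little's law (entries = rate x lifetime), solved for the headroom."""
    return (capacity - legit_cps * session_lifetime) // half_open_timeout

if __name__ == "__main__":
    # Constructed sizing: 10,000-entry table, 100 real connections/s, 30 s each.
    table = dict(capacity=10_000, legit_cps=100, session_lifetime=30, seconds=300)
    cases = [("baseline", 0, 60), ("bogus load", 500, 60),
             ("bogus load, 5 s timeout", 500, 5)]
    for label, flood, timeout in cases:
        print(label, simulate(flood_cps=flood, half_open_timeout=timeout, **table))
    print("headroom at 60 s timeout:", max_tolerated_bogus_cps(10_000, 100, 60, 30))
```

Shortening the timeout raises the headroom but does not remove the ceiling: any stateful device has some connection rate at which legitimate sessions start being refused.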
Why should Small Money care? Because they are prime attack targets.
As institutions continue to offer more services through the web, the mix of applications that must be supported to service customers and employees grows more complex. Branch bank managers, risk and compliance officers and contact center agents have new job requirements and must stay on top of the inherent issues associated with the “new way” of conducting business. Applications need to be consistently available and performance cannot waver. Security is vital. Confidentiality is not only expected, it’s legally required to comply with regulations such as Sarbanes-Oxley (SOX), the Gramm-Leach-Bliley Act (GLBA) and the California Senate Bill 1386, which require the safeguarding of information.
Cyber criminals are focusing on attacking smaller banks and credit union computer systems because once inside the firewall the number of connected stakeholders they have access to multiplies – to end customers, parent banks, partners, etc. According to a Boston Globe report, “Cyber-criminals are already testing this route. About a year ago, a small Boston-area bank discovered during a routine check that hackers had invaded its computer systems, Montgomery said. The malicious software wasn’t aimed at the local bank, which regulators declined to identify. Instead, the code was targeted at disrupting the Fed and the payment systems, officials said.”
A Prime Opportunity for the Service Provider – How to get started with MSSP
Just as small enterprises everywhere are searching for ways to shore up their protection and avoid business disruptions, financial institutions have an obligation to protect their business and their customers – and they need help.
Good help can be hard to find, especially when it comes to experts in the complex field of cybersecurity. Carriers who are already experienced (either by themselves or with partners) in protecting their infrastructure and offering services to small and medium businesses can benefit from new revenue streams by offering security solutions to the financial sector. And it is of utmost importance that smaller financial institutions have the protection and resources available to act quickly when an attack occurs to protect their customers’ financial information.
There are three major ways a Service Provider can get into the business of selling an MSSP service:
- White label an existing service. This is the least risky of the options, and requires no upfront capital. It’s also the fastest way to bring a service to the market. The carrier gets to focus on sales, marketing, and back-office support, but delegates the security expertise and the technology to a partner. This can be sold as a part of connectivity or compute/storage services as part of a high-value bundle.
- Build your own service. This takes the most time, capital, and resources, but also offers the highest margins and overall net present value (NPV). If you have an in-house IT team that can operate and manage a network security solution, you can maximize your return on investment.
- Get the best of both worlds. A third option is to start with a white-labeled service before transitioning to managing it in-house. You forgo large capital expenditures up front so you can focus on marketing and selling the service while building back-office operations and expertise. You’ll be able to quickly serve customers and gauge enthusiasm while planning to migrate operations in-house over time to recognize the large profit streams in the later years.
Read “Cyber Economics: Validating DDoS Managed Service Delivery Models” to learn more.
Louis Scialabba is Director of Carrier Solutions Marketing for Radware and is responsible for leading network security and application delivery marketing initiatives for wireless, wireline and cloud service providers. Mr. Scialabba has 21 years of experience in the communications and networking industry in a variety of roles, including Solutions Marketing, Sales, Business Development, Product Line Management, and Engineering. Prior to joining Radware, Mr. Scialabba spent much of his early career at Tellabs, where he was Director of Mobile Routing Technology Planning for the 8600, 8800, and 9200 product lines. He later became the Head of North America Marketing for Aviat Networks. Mr. Scialabba earned a Bachelor of Science degree in Computer Engineering from the University of Illinois and a Master of Business Administration degree from St. Xavier University in Chicago.