A recent article in Forbes reports that big banks including Bank of America and J.P. Morgan Chase are pulling out all the stops when it comes to their cybersecurity budgets. According to the article, Bank of America CEO Brian Moynihan has said that cybersecurity is the only area of the company with no budget constraints whatsoever. Another financial giant, J.P. Morgan, reportedly doubled its cybersecurity budget in 2015, from $250 million to $500 million.
The increased investment should come as no surprise. As Infosecurity Magazine reported last year, the financial services industry is 300 times more likely to be the target of a data breach than any other sector. In another study, the insurer Lloyd’s of London estimated that cyber-attacks can cost organizations as much as $400 billion a year.
Putting more focus and dollars into data security is a wise move. However, improving security posture depends as much on what you invest in as on how much you spend. Like every industry, financial services faces a growing number of threat vectors and security challenges: dependence on cloud-enabled services, an explosion of mobile devices in the workplace, and BYOD, to name a few. These exposures are being exploited by increasingly sophisticated and well-connected criminal hacker syndicates and by nation-state attackers bent on defeating whatever security controls are put in their way. One only has to survey the high-profile data breaches of 2015 to realize that throwing more money at blocking threats at the point of entry won’t necessarily solve the problem.
The answer is not to abandon critical preventive measures such as AV/heuristic scanning, sandboxing and IPS. These are important technologies with a place in any sound cybersecurity strategy. But organizations need to consider adding technology that can protect the network after evasive malware has bypassed those defenses, but before they have to call in the disaster recovery team to assess their losses. One way to do this is to add traffic anomaly detection: technology that continuously monitors all outbound network traffic, compares it against each host’s normal behavior, and flags or contains suspicious data transfers before an active infection has been discovered by other means. The reasoning is simple: malware that slips past the perimeter still has to talk outward, whether to a command-and-control server or to exfiltrate data, and that outbound traffic rarely matches the host’s usual pattern. Such technology augments preventive measures like sandboxing, but it requires that banks and other organizations first accept that no security tool can stop 100% of malware. Even with an unlimited budget, stronger cybersecurity readiness can’t begin without that acceptance.
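To make the idea of outbound traffic anomaly detection concrete, here is an added example written for this page; it is not code from the article or from any vendor product. It builds a per-host baseline of daily outbound bytes and known destinations from a learning window of NetFlow-style records, then scores a new day against that baseline and raises alerts for volume spikes and for large transfers to never-before-seen destinations. The record format, the sample flows, the host names and addresses, and the thresholds (a z-score of 3, a 50 MB floor for new-destination alerts) are all constructed assumptions chosen for illustration.

```python
"""Outbound-traffic anomaly detection over flow records (added example).

Baseline each host's daily outbound byte volume and destination set from a
learning window, then flag a later day's traffic that deviates from it.
All data and thresholds below are constructed for illustration.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records: (day, src_host, dst_ip, dst_port, bytes_out).
# Days 1-5 are the learning window; day 6 is the day to score.
FLOWS = [
    # ws-17: steady small HTTPS uploads to two known SaaS endpoints.
    *[(d, "ws-17", "203.0.113.10", 443, 2_000_000 + d * 10_000) for d in range(1, 6)],
    *[(d, "ws-17", "203.0.113.11", 443, 500_000) for d in range(1, 6)],
    # db-02: nightly backup over SSH to the in-house backup host.
    *[(d, "db-02", "198.51.100.5", 22, 900_000_000 + d * 1_000_000) for d in range(1, 6)],
    # Day 6: ws-17 pushes 1.5 GB to a host it has never contacted; db-02 is normal.
    (6, "ws-17", "203.0.113.10", 443, 2_050_000),
    (6, "ws-17", "192.0.2.77", 443, 1_500_000_000),
    (6, "db-02", "198.51.100.5", 22, 906_000_000),
]


def build_baseline(flows, learn_days):
    """Per-host mean/std of daily outbound bytes plus the set of (dst, port) pairs seen."""
    learn_days = list(learn_days)
    daily = defaultdict(lambda: defaultdict(int))  # host -> day -> bytes
    dests = defaultdict(set)                       # host -> {(dst_ip, dst_port)}
    for day, host, dst, port, nbytes in flows:
        if day in learn_days:
            daily[host][day] += nbytes
            dests[host].add((dst, port))
    baseline = {}
    for host, per_day in daily.items():
        totals = [per_day.get(d, 0) for d in learn_days]  # quiet days count as zero
        baseline[host] = {"mean": mean(totals), "std": pstdev(totals), "dests": dests[host]}
    return baseline


def score_day(flows, day, baseline, z_threshold=3.0, min_new_dest_bytes=50_000_000):
    """Return (host, reason, detail) alerts for one day's outbound flows."""
    alerts = []
    totals = defaultdict(int)
    new_dests = defaultdict(list)
    for d, host, dst, port, nbytes in flows:
        if d != day:
            continue
        totals[host] += nbytes
        known = baseline.get(host, {}).get("dests", set())
        if (dst, port) not in known:
            new_dests[host].append((dst, port, nbytes))
    for host, total in totals.items():
        b = baseline.get(host)
        if b is None:
            # A host with no history cannot be scored; surface it rather than ignore it.
            alerts.append((host, "no_baseline", total))
            continue
        # Floor the spread so a perfectly flat baseline does not produce a divide-by-zero
        # or fire on trivial jitter: at least 5% of the mean, and never below 1 byte.
        spread = max(b["std"], 0.05 * b["mean"], 1.0)
        z = (total - b["mean"]) / spread
        if z > z_threshold:
            alerts.append((host, "volume_spike", round(z, 1)))
        for dst, port, nbytes in new_dests[host]:
            if nbytes >= min_new_dest_bytes:
                alerts.append((host, "new_destination", f"{dst}:{port}"))
    return alerts


if __name__ == "__main__":
    base = build_baseline(FLOWS, range(1, 6))
    for host, reason, detail in score_day(FLOWS, 6, base):
        print(f"ALERT {host}: {reason} ({detail})")
```

On the constructed data, ws-17 is flagged twice (a volume spike thousands of standard deviations above its baseline, and a large transfer to 192.0.2.77:443, an address it never used during the learning window) while db-02's backup, large but routine, is not. A real deployment would feed this from flow exports or a network tap, baseline by hour and day of week rather than by calendar day, and wire the alert into an enforcement point that can quarantine the host; the point of the example is only that the deviation is visible in outbound traffic even when the payload itself is encrypted and nothing on the perimeter stopped it.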