By Nicolas Cambolin, Global Director Data Intelligence at Talan
All business sectors, without exception, public or private, face growing cyber security risks. Targets are detected automatically and globally ; there is no distinction between a hospital or a bank.
The expansion of cloud services, particularly in the financial sector, increases this risk and invites companies to adapt their defence strategy accordingly.
External or internal attacks generally aim to degrade the availability, integrity, confidentiality and traceability of an organisation’s information system components to derive a profit. The Covid-19 crisis has brought about radical change by generalising remote working and accelerating the adoption of cloud services. This unprecedented move immediately raised questions about the impact on information security.
According to the report of the European Commission “Cybersecurity – Our Digital Anchor”, cyber crime cost 5,500 billion euros worldwide in 2020. The variety and sophistication of attacks is growing, and it has become a strategically important topic for states. The main forms of attacks are Social Engineering (spear fishing, fishing, scareware, Business Email Compromise, etc.), Ransomware, DDoS (Distributed Denial of Service) and the exploitation of vulnerabilities in third-party software and cloud services.
Recent examples illustrate this new reality. In May 2021, Colonial Pipeline, a major US oil transportation operator, saw its operations blocked by a ransomware. The shutdown of the pipeline is rapidly causing fuel shortages. The bitcoin ransom ($4.4 million) was quickly paid, and a program s sent by cyber criminals to unblock the situation. The support of the F.B.I. will make it possible to recover nearly half of this amount. The attack also allowed the theft of employee data, and it appears that an unused but active account with remote VPN access without strong authentication allowed entry into the company's information system.
Asset and wealth management players have been relatively spared to date, as the attacks have been largely concentrated on retail banks or insurers (cf. Flagstar, CNA Financial or Axa). However, the financial stakes are at least equivalent, and this could therefore change.
For companies under the supervision of an AMF, FINMA or CSSF regulatory authority, these threats incur a dual risk, both operational and non-compliance with regulations such as the level of capital, data retention or business continuity plan and (IT) resources. The sector focuses heavily on the former and sometimes neglects the latter. Priority is given to data protection, such as the identity of investors, the content of managed portfolios or proprietary investment strategies.
Since the authorities have paved the way (supervised) for cloud companies, projects have been multiplying. The aim is therefore to ensure that their security system fully integrates the hybridisation between the internal information system and the cloud, following the following logic:
- Identify : accurately map cloud-hosted applications and their links with internal applications; master the shared responsibility model on security between cloud providers and the enterprise (IaaS, PaaS and SaaS) as well as the cloud security services that are activated (VPN, Key Management System, SIEM, etc.);
- Protect : control the interconnection and partitioning of the cloud network – internal (e.g. IPS VPN tunnel); secure data in the cloud in transit - storage - in use according to their classification level, filter the internal/cloud IS flows in both directions, manage identities and access rights synchronously internally - cloud; administer the security of privileged access rights such as cloud console administration accounts; manage "nomadic" remote access, particularly those that access cloud applications;
- Detect : consolidate and correlate the detection and processing of cloud-internal incidents; ensure the logging of cloud security events;
- Respond and Recover : manage the Disaster Recovery/Business Continuity Plan cloud backups; activate specific clauses with cloud providers.
The "fortresses" that had been built on-premises by banks to secure their sensitive data and that of their customers, as well as the culture of confidentiality, are confronted with hyper-connectivity, openness and hybridisation of information systems with cloud services. At the same time, cyber threats are becoming more sophisticated, increasing and attacking on all digital fronts. Asset & Wealth Management players must, therefore, sharpen their security systems in order to cover these new borders and minimise operational and regulatory risks.