Financial institutions are a storehouse of attractive data for attackers. Although most attacks against financial organizations don’t necessarily succeed in emptying coffers outright, other information—such as PII (Personally identifiable information) related to customers and employees—is just as valuable. In addition, attackers have stolen money directly from banks in the past (see the 2016 SWIFT attacks), so this isn’t a threat that banks can discount.

Attacks against banks have dramatically increased in scale and multiplied in complexity. In 2020, attacks against banks rose 238% in an increase tied to the COVID-19 pandemic, but even a decrease in 2021 would still leave threat levels well above normal. Attackers aren’t just trying to steal information—data breaches now include:

• Ransomware designed to paralyze banking operations until the victims pay a toll
• “Wiper” malware that erases data after it’s stolen, concealing attackers from digital forensics
• Supply chain attacks take advantage of software or service vendors with access to banking systems, using their connections and credentials to infiltrate networks at FSIs (Financial Services Industry).

Lastly, even if an attacker can’t steal information directly from a bank or paralyze it with ransomware, they can still disrupt its operations with nuisances such as DDoS attacks. Imperva recorded a 30% increase in DDoS attacks versus banks in 2020, with many attacks including a ransom component—e.g., “we’ll stop disrupting your network if you pay us in Bitcoin.” DDoS attacks often prevent customers from making deposits or withdrawals online, causing severe reputational damage in just a short time. The temptation to pay the ransom is strong.

No matter whether you pay a ransom or not, your bank will pay a high price in the event of a successful cyberattack. The IBM 2020 Cost of a Data Breach Report suggests that banks will incur a total cost of $5.85 million in the event of a data breach. This includes the cost of stolen data, downtime, fines, reputational damage, and more. What defenses should you invest in to defray this ongoing risk?

Secure FSI with Network Visibility and Threat Detection

Let’s assume that you’re already doing the commonsense things designed to protect your company.

• You’ve established a suite of security tools, including firewalls, antivirus, IDS/IPS, etc.
• You’ve trained your employees not to click on suspicious links, to forward suspicious emails to the IT department, and to verbally confirm unusual money transfer orders.
• You regularly perform vulnerability scans to catch unpatched applications, and you order quarterly penetration tests to review your security posture.

Despite all this, attackers still have a decent chance of getting through your defenses—so what extra steps should you be taking?

One vulnerability to consider is that many (perhaps most) banking employees are still working from home—even vaccinated workers still enjoy remote work. This widens your attack surface and keeps the IT department working overtime. As you struggle to keep the WAN and VPN free of performance issues, hackers can take advantage of your blind spots.

What’s more, other system pressures are making you more vulnerable. The drive towards open banking—in which banks make their data available using APIs—is great for functionality, agility, and mobility, but it can also make banks more exposed to supply chain attacks. Mobile banking, cloud adoption, microservices architecture, and other advancements all represent security tradeoffs.

In response, banks need to adopt modernized network monitoring and security solutions, as traditional monitoring and security solutions typically inspect traffic that goes across the network—what we’ll call north-south traffic. With the movement towards cloud implementations and SaaS applications—only 17% of organizations are reporting visibility into this east-west traffic, according to the 2020 SANS Network Visibility and Threat Detection report.



The same SANS report indicates a large gap in visibility across all industries. Less than 40% of respondents were able to report confidence in their ability to discover every endpoint connected to their network. Meanwhile, almost 60% of respondents reported feeling a high or very high level of risk related to their lack of visibility.

The truth is that traditional monitoring tools and architectures don’t do a great job of securing the enterprise. The perimeter is in tatters. The best way to monitor traffic is instead to capture the data flows between applications and clients. Companies can augment this understanding by using corporate interception proxies to decrypt traffic that might be disguising malicious communications, and by sharing network flow data with security teams to identify large traffic sources.

Close the Visibility Gap and Protect Against Network Downtime

Right now, finance, banking, and insurance companies are vulnerable to more aggressive cyberattacks because their traditional security tools don’t protect against attackers that move laterally and attack the supply chain. In addition, they can be hobbled or taken offline by DDoS attacks, which hurt their customers and cause reputational damage.

For the first problem, Garland provides packet visibility through network TAPs and packet brokers. These allow network architects to capture more information in more places, which in turn lets them direct previously unmonitored east-west traffic to their security solutions. By detecting threats that move within the network rather than through it, administrators can mitigate intrusions that might otherwise have been invisible.

Addressing the issue of network downtime, Garland also provides inline bypass TAPs to provide added resiliency and redundancy to inline security tools to ensure network uptime. This means that when attackers try to bring your network down, your active cybersecurity tools are always protecting, and you’ll be able to ensure the continuity of your 24/7 services and continue serving your customers.

Some of the biggest financial institutions in the world trust Garland to provide enhanced network security and monitoring tools.

Looking to add an Inline Bypass or TAP Visibility to your security deployment, but not sure where to start? Join us for a brief network Design-IT consultation or demo. No obligation - it’s what we love to do.