Network Security Breach Detection for Financial Institutions


By Mark Towler, Senior Product Marketing Manager at Progress

The financial services sector is most at risk from cybercrime: according to Forbes, 35% of all data breaches impact the financial services industry. The economy is based on the financial sector, which is now dependent on technology. Financial data is valuable and attractive, and the complexity of financial IT systems, with so many connections, creates a vast attack surface. Cybersecurity has become a priority technology investment to secure assets, and effective network monitoring is essential.

Security breaches are a common and costly problem for banks and other financial organizations. A Vanson Bourne survey of 100 financial services decision makers in the UK shows that cyberattacks are becoming more frequent, reporting that 70% were affected by a security incident within twelve months. In addition, an Accenture study found that the average annualized cost associated with data breaches for financial services companies worldwide has risen to $18.5 million.

When it comes to banking, there are specific risks and vulnerabilities in the customer journey and in mobile banking applications. ImmuniWeb studied external web applications, APIs and mobile applications from the S&P Global list (the world’s largest financial organizations in 22 countries). ImmuniWeb found that 91% of mobile banking apps contain at least one medium-risk security vulnerability. The main security risks lie within the company, as Vanson Bourne reported that most incidents came from “employees not adhering to security protocol or data protection policies.”

Let’s first look at the major security and compliance issues, starting with compliance. Being cavalier about handling data has multiple repercussions for organizations, such as compliance breaches, regulatory violations, and hefty fines. Identities and authentication can also raise serious concerns, as financial institutions need to ensure secure, credential-based access to data for employees, as well as protect their entire technology ecosystem. Bad news travels fast in our digital age. A history of customer privacy breaches can damage reputation, costing organizations immeasurable time repairing it.

How does network monitoring solve security and compliance issues?

The financial services industry is particularly sensitive to compliance documentation and record keeping. Continuous network monitoring can collect and analyze vital data points and flag any suspicious activity to the IT team, preventing a breach. Compliance requires effective reporting, especially of security incident information, and network monitoring can provide analysis of archived logs that explain what happened.

Accessing an internal computer system is every financial hacker’s dream. A robust network monitoring solution will display all network elements along with configurations and access permissions, and alert IT if any of them change. It is essential to maximize security and protect all assets with a strong two-step authentication process.

To address this problem, the most sophisticated network monitoring tools allow the configuration of notifications and alerts for changes to network device configurations, as well as the ability to audit configurations against defined policies. It’s hard to know where to start with the many solutions available, but it’s important to choose a tool that has the following key features:

How to Choose the Best Network Monitoring Tool

  • Choose a solution with a robust alert system that immediately flags any activity of concern. The ability to receive actionable alerts and network reports is critical. Alerts should be easily customizable and delivered through a variety of channels (e.g. web, email, SMS/text, Slack, MS Teams, pager).
  • Equally vital is a tool that provides complete visibility into the status of network devices, systems, applications, servers, virtual machines, cloud and wireless environments, all in context. Clicking on any device should give immediate access to a wealth of related network monitoring settings and reports. It’s about seeing what’s connected to get immediate resolutions to queries.
  • You’ll need detailed visibility into your network traffic to see which users, apps, and devices are consuming the most bandwidth. By configuring bandwidth usage policies, you can view usage trends; any unusual usage could indicate a security issue.
  • Avoid the negative consequences of accidental or malicious changes to the configuration of network devices. Choose a tool with configuration management capabilities that lets you trigger a notification whenever a configuration changes. Being able to set up an action policy in the alert center is invaluable. This can automate a backup, add and remove users, or update firmware.
  • The most sophisticated network monitoring tools allow setting up email notifications and alerts for network device configuration changes and auditing the configuration against defined policies. Users should be able to view and compare device configurations in the device properties page and automate network device configuration backups for any device if configurations are lost.
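The configuration-change and policy-audit features described in the last two points can be illustrated with a small polling check. This is an added example, not code from the article or from any Progress product: it takes a stored baseline backup and a freshly pulled configuration (both constructed, hypothetical device text), fingerprints them to detect drift, extracts the changed lines, audits the current configuration against a defined policy, and only raises an alert when something actually changed or violates policy (the `changed` flag is also what would trigger a fresh backup).

```python
import difflib
import hashlib

# Constructed sample (hypothetical device text): last backed-up config vs. the config pulled this cycle.
BASELINE_CONFIG = """hostname core-sw-01
service password-encryption
logging host 10.0.0.5
line vty 0 4
 transport input ssh
"""
CURRENT_CONFIG = """hostname core-sw-01
no service password-encryption
logging host 10.0.0.5
line vty 0 4
 transport input telnet ssh
snmp-server community public RW
"""
# Defined policy as simple rules (constructed): exact lines that must exist, substrings that must not.
POLICY = {
    "required": ["service password-encryption", "logging host 10.0.0.5", " transport input ssh"],
    "forbidden": ["telnet", "community public"],
}


def config_fingerprint(config: str) -> str:
    """Stable hash used to decide whether the stored backup is still current."""
    return hashlib.sha256(config.encode()).hexdigest()


def config_diff(baseline: str, current: str) -> list[str]:
    """Return just the added (+) and removed (-) lines between two snapshots."""
    diff = difflib.unified_diff(baseline.splitlines(), current.splitlines(), lineterm="", n=0)
    return [l for l in diff if l.startswith(("+", "-")) and not l.startswith(("+++", "---"))]


def audit_config(config: str, policy: dict) -> list[str]:
    """Check one configuration against the policy and return every violation."""
    lines = config.splitlines()  # exact-line match, so "no service ..." does not satisfy "service ..."
    violations = [f"missing required line: {r.strip()}" for r in policy["required"] if r not in lines]
    violations += [f"forbidden setting present: {l.strip()}" for l in lines for f in policy["forbidden"] if f in l]
    return violations


def check_device(baseline: str, current: str, policy: dict) -> dict:
    """One polling cycle: detect drift, record the diff, audit, decide whether to alert."""
    changed = config_fingerprint(baseline) != config_fingerprint(current)
    violations = audit_config(current, policy)
    return {
        "changed": changed,
        "diff": config_diff(baseline, current) if changed else [],
        "violations": violations,
        "alert": changed or bool(violations),  # notify only when someone must act
    }
```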

The Common Alert Overload Error

Financial services companies make common and alarming mistakes, which can overwhelm IT and could be dealt with more simply by having the right network monitoring in place. The typical IT alert tools installed by banks can overwhelm IT, with Ovum research of banks revealing that 73% have at least 25 distinct security tools. Ovum found that 40% of banks receive an average of 160,000 false or irrelevant alerts every day.

We recommend ensuring that alerts are only issued when someone needs to log in and do something. If the monitoring system sends an email and no one had to log in and do anything, you are spamming them and need to reconfigure the system. Note that particularly sophisticated network monitoring solutions can not only identify device dependencies to reduce alert storms, but can also implement self-healing actions (such as restarting a device) that can resolve network problems without IT intervention.
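The dependency-based suppression mentioned above, as an added example that is not from the article or any Progress product. It assumes a constructed topology with hypothetical device names, where each device is mapped to the upstream device it depends on to be reachable from the monitoring server: when a branch firewall fails, the one alert an operator needs is about the firewall, not six separate alerts for every device behind it.

```python
# Constructed topology (hypothetical device names): the device each monitored
# device depends on to be reachable from the monitoring server.
DEPENDS_ON = {
    "core-router": None,
    "dc-switch": "core-router",
    "branch-fw": "core-router",
    "branch-sw": "branch-fw",
    "atm-01": "branch-sw",
    "atm-02": "branch-sw",
    "teller-app": "branch-sw",
}

# Constructed poll results for one cycle: True = responding, False = down.
POLL = {
    "core-router": True, "dc-switch": True, "branch-fw": False,
    "branch-sw": False, "atm-01": False, "atm-02": False, "teller-app": False,
}


def is_up(status: dict, device) -> bool:
    """A device with no dependency, or one we do not poll, counts as up."""
    return device is None or status.get(device, True)


def root_causes(depends_on: dict, status: dict) -> list[str]:
    """Down devices whose own upstream dependency is still up: the real faults."""
    return sorted(d for d, up in status.items() if not up and is_up(status, depends_on.get(d)))


def actionable_alerts(depends_on: dict, status: dict) -> tuple[list[str], dict]:
    """Split this cycle's failures into root causes and alerts to suppress.
    Each suppressed device is mapped to the root cause it sits behind."""
    roots = root_causes(depends_on, status)
    suppressed = {}
    for device, up in status.items():
        if up or device in roots:
            continue
        parent = depends_on.get(device)
        while parent is not None and parent not in roots:  # climb to the root cause
            parent = depends_on.get(parent)
        suppressed[device] = parent
    return roots, suppressed


def alert_messages(depends_on: dict, status: dict) -> list[str]:
    """One message per root cause, listing the devices it took down with it."""
    roots, suppressed = actionable_alerts(depends_on, status)
    messages = []
    for root in roots:
        behind = sorted(d for d, r in suppressed.items() if r == root)
        messages.append(f"{root} is down; {len(behind)} dependent devices unreachable: {', '.join(behind)}")
    return messages
```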

