The fight for cybersecurity can affect all sorts of companies. However, there are businesses that, because of their very nature, are more sensitive than others. The banking sector is one of them: beyond the profit and loss statement, any cyberattack on a bank could have serious repercussions on the entity’s reputation, given the damage that could be done to client and stakeholder trust.
So, how can financial companies, or those in other sectors, defend their interests against cybercriminals? To find out, we spoke to Alejandro Aliaga, SOC Manager of the bank Grupo Cajamar, which opts to forgo reactive approaches and chooses to implement preventive strategies.
Company directors have often thought of cybersecurity as just another element of business strategy, but not necessarily a vital one. Has this perception changed at all?
A.A: The large volume of cyberattacks that we’ve seen in the last few months, and their being reported in the media, has encouraged the management of many organizations to start to worry and to start to consider including cybersecurity as part of their strategy. Although we’re seeing certain changes, we heads of cybersecurity need to keep working to involve management more. We also need to keep striving to ensure that the role of management isn’t limited to just reading about the organization’s current situation in reports. It is our job to make them see how important it is that they lead cybersecurity initiatives, with the help of the CISO.
What do you think are the main cybersecurity challenges facing companies these days?
A.A: In 2020, we’re very likely to still see attacks like those we saw towards the end of 2019, combining phishing and ransomware. Protecting our organizations against these kinds of attacks is perhaps the main challenge that is making us lose sleep. Unfortunately there’s no miracle cure to stop these kinds of attacks. What’s needed is to combine organizational measures and new security controls, with training and awareness campaigns for the end user.
We see trends like Open Banking, which aim to improve user experience thanks to interconnectivity between banks and third parties. How can a balance be achieved between improved experience and network security?
A.A: Network security must be adapted to this new framework with reinforced authentication systems when a transaction is carried out. The incorporation of biometric recognition systems won’t affect user experience, since these technologies are increasingly common. This ensures a balance between security and user experience.
The weakest link in the cybersecurity chain is often the employee. What training should employees receive so that they don’t fall for phishing emails or CEO fraud?
A.A: They need to know how these attacks are carried out, what techniques they use, and how cybercriminals create malicious emails, as well as the implications they could have for the organization. With this knowledge, they’ll be able to identify any suspicious activity and contribute to preventing security incidents.
How useful is threat hunting when it comes to preventing incidents?
A.A: We should understand threat hunting as a proactive threat identification process, where the security team adopts the role of the hunter. Using it can help prevent security incidents inasmuch as the strategy to hunt threats isn’t focused exclusively on hunting for traditional IoCs. Instead, it focuses on searches and investigations aimed at discovering the TTPs (tactics, techniques, and procedures) used by cybercriminals in their attacks.
Understanding how these threats work is vital for ensuring our company’s activity, as well as helping security operations centers (SOCs) to implement the controls needed to detect these same threats. A reactive stance based on monitoring security alerts is no longer enough; quite the contrary: organizations must start to migrate their defense strategies towards a more proactive blueprint. We need to start acting as if we had already been compromised, to hunt and analyze the threats that may have slipped past unnoticed. Despite the undeniable utility of this kind of approach, it is important to remember that it is complex, and requires maturity.
There is a lot of talk about the role of blockchain in cybersecurity. Can it really help, or is its importance overstated?
A.A: Currently, everything surrounding blockchain and cybersecurity is halfway between expectations inflated by the hype surrounding this technology, and an air of disappointment. Without sinking into despair, numerous studies have shown that it can be applied to several areas, such as digital identification, digital signatures, and even as a system to guarantee the integrity of stored data.
We’ve probably gone beyond the hype stage, and we’re now in the valley of disappointment. And, even though blockchain is one of the most disruptive and complex current technologies, it may still be too early to see its true potential. We’ll have to wait at least two or three years to be able to see its widespread use in digital signatures or digital identities and so on.
According to the IDC 2019 Global DNS Threat Report, the financial sector is the sector that has received the most DNS attacks in the last year, with 88% of those surveyed affected. What measures should these entities implement to deal with them?
A.A: To avoid these kinds of attacks, security must be improved by monitoring DNS traffic with tools to determine whether the request made by the application poses a risk. This way, we can avoid communication with cybercriminals’ C&C (command and control) servers or the exfiltration of information.