Cloud Security

By Trevor Dearing

Cloud infrastructure is pivotal to the financial sector; however, it also introduces new cyber risks. Trevor Dearing at Illumio argues that there’s a fundamental lack of understanding when it comes to cloud security. So, how can organisations gain a better understanding of cloud security and improve their cyber resilience?   

The cloud remains a top priority across multiple industries, with Gartner estimating that global spending will increase by 20.4% this year to exceed $675bn. The financial sector is at the forefront of this trend, and the cloud is frequently highlighted as a central pillar in the future of banking.  

Cloud infrastructure is pivotal to the industry’s rapid digital transformation. Research from Illumio shows that 98% of financial organisations already store sensitive information in the cloud, and 85% use it to run high value applications.

But while cloud migration has allowed institutions to reap the benefits of greater efficiency and new operational models, it has also exposed the sector to new cyber risks. Highly organised gangs are taking an aggressive approach to exploiting today’s highly interconnected digital infrastructure, and financial organisations must urgently improve their resilience against these threats.

Why the cloud poses a security risk 

While the financial industry has always faced a greater criminal threat than most, the International Monetary Fund (IMF) recently warned of a growing volume of cyberattacks on the sector. Along with more organised and aggressive adversaries, the growing threat is strongly connected to increased cloud adoption. The cloud is a primary target for threat actors seeking to breach financial networks due to its central role in hosting data and services. 

Illumio’s research found that nearly half (47%) of all data breaches in financial organisations in the last year originated from the cloud. These breaches cost an average of $6 million – significantly higher than the global average of $4.1 million across all industries.

The IMF also found that the cost of the most expensive incidents, known as extreme losses, has climbed to $2.5bn. The impact of these extreme losses has increased fourfold since 2017.  

The pressure for rapid cloud migration is a factor here, with organisations failing to align their security controls with the pace of their expanding infrastructure. 

Just 38% of respondents in Illumio’s research said they had a strong understanding of the risk exposure around their cloud infrastructure, and almost all said they needed better visibility into their environment. The problem is that many still rely on security measures like traditional network firewalls that were designed for on-premises environments and are unfit for the needs of the cloud.

This lack of visibility is an even greater risk with the interconnected nature of the cloud, where it’s easier for attacks to spread. Indeed, 40% of financial organisations in Illumio’s research believe it would be easy for attackers to find weaknesses in their environment and move laterally in a cloud breach.  

Increasingly, attackers access sensitive data or disrupt operations through service providers without breaching financial organisations directly. The IMF report warns of the risks around the dense web of third-party IT service providers surrounding financial institutions. Monitoring and managing security risks stemming from third parties also forms one of the central pillars of the upcoming Digital Operational Resilience Act (DORA) regulation.

The breach reported by Santander in May, for example, is said to have stemmed from cloud storage provider Snowflake. The incident is believed to have impacted the data of around 30m Santander customers.

Strengthening cloud security through segmentation  

Financial organisations must act quickly to get ahead of the criminal groups targeting their cloud infrastructure. The priorities are to harden cloud environments against intruders and minimise disruption when a breach does occur.  

Network segmentation is increasingly recognised as a critical approach for achieving these aims. 90% of respondents in Illumio’s research said segmentation of critical assets is a necessary step in securing cloud-based projects.

Segmentation is an extremely effective security measure for the interconnected nature of the cloud because it divides environments into separate sections. Each area can only be accessed with proper authorisation, preventing attackers from freely moving between different applications and systems. 

This drastically slows attackers seeking to move through the environment to exfiltrate valuable information or deploy targeted ransomware to encrypt data and systems. It also helps mitigate the inherent risk of interconnected cloud environments, preventing attackers from easily exploiting connectivity with trusted partners and suppliers.

The need for a Zero Trust approach 

Financial organisations are under intense pressure to be efficient and agile. Despite the growing cost of a breach, firms are strongly averse to security measures that may negatively impact their operational performance.

As such, network segmentation must be implemented in a way that blocks malicious actors but allows legitimate users and traffic to pass unimpeded.

One of the best approaches for achieving this is the Zero Trust security model, based on the principle of “never trust, always verify.” The strategy is a reversal of the usual default where trust is inherently given to users that pass simple checks with basic credentials. Instead, access requests will only be granted when risk-based verification requirements are met. The system can be set up so that legitimate users can easily pass authentication with no delay. 

Central to a Zero Trust architecture is Zero Trust Segmentation (ZTS), segmentation using the principles of Zero Trust. ZTS enables organisations to see all interactions across their hybrid, multi-cloud environments and applies the ‘always verify’ principles to network segmentation. This prevents intruders from moving between different network areas simply because they have passed initial verification checks to enter the network. 
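How segmentation limits lateral movement, as an added example that is not from the author or Illumio: it compares what a compromised workload can reach in a flat network with what it can reach under a default-deny, allow-listed policy, and flags observed flows the policy does not authorise. The workload names, segment labels, ports and flow records are constructed for illustration.

```python
from collections import deque

# Constructed sample environment (hypothetical names): workload -> segment label.
WORKLOADS = {
    "web-1": "web", "web-2": "web", "payments-api": "app",
    "ledger-db": "db", "hr-portal": "hr", "vendor-sftp": "third-party",
}

# Default-deny policy: only these (source segment, destination segment, port)
# flows are authorised. Anything not listed is blocked.
POLICY = {("web", "app", 8443), ("app", "db", 5432), ("third-party", "web", 443)}

def permitted(src, dst, policy):
    """True if src may open any connection to dst. policy=None models a flat network."""
    if policy is None:
        return src != dst
    pair = (WORKLOADS[src], WORKLOADS[dst])
    return src != dst and any((s, d) == pair for s, d, _ in policy)

def blast_radius(start, policy):
    """Upper bound on workloads an intruder on `start` could reach by chaining
    permitted connections (breadth-first search over the flow graph)."""
    seen, queue = {start}, deque([start])
    while queue:
        cur = queue.popleft()
        for nxt in WORKLOADS:
            if nxt not in seen and permitted(cur, nxt, policy):
                seen.add(nxt)
                queue.append(nxt)
    return seen - {start}

def violations(flows, policy):
    """Observed flows (src, dst, port) that the policy does not authorise."""
    return [f for f in flows
            if (WORKLOADS[f[0]], WORKLOADS[f[1]], f[2]) not in policy]

# Constructed flow records, as a flow-visibility tool might export them.
OBSERVED = [
    ("web-1", "payments-api", 8443),      # authorised
    ("payments-api", "ledger-db", 5432),  # authorised
    ("web-1", "web-2", 22),               # intra-segment SSH: not authorised
    ("vendor-sftp", "ledger-db", 5432),   # third party straight to the database
]

if __name__ == "__main__":
    for host in ("web-1", "vendor-sftp", "hr-portal"):
        print(host, "flat:", sorted(blast_radius(host, None)),
              "segmented:", sorted(blast_radius(host, POLICY)))
    print("violations:", violations(OBSERVED, POLICY))
```

The segmented result is an upper bound: each further hop is only a permitted connection on one port, so reaching the next workload still requires compromising the service listening there.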

Unlike traditional segmentation approaches that add risk and complexity to organisations, ZTS is highly dynamic, enabling financial organisations to easily adapt to the changeable nature of the cloud without the need for resource-heavy manual interventions. This is even more valuable when it comes to managing secure access for an increasingly large web of third-party suppliers using a myriad of different cloud services. 

Finally, ZTS is ideally suited for meeting DORA’s aims in increasing financial cyber resilience. Implementing an effective segmentation strategy addresses core pillars of the regulation including risk management and third-party management capabilities. 

Building resilience in the cloud 

The cyber threat to the financial sector is only likely to escalate further as emboldened criminal groups refine their techniques. But financial firms are no strangers to fending off criminals, and have countless years of experience in creating checks and processes around identity verification. By applying the same rigorous approach to the growing cloud environments, organisations can protect customer data and ensure critical systems are resilient against disruption.

About the Author 

Trevor Dearing

Trevor Dearing has been at the forefront of new technologies for nearly 40 years, from the first PCs through the development of multi-protocol to SNA gateways, initiating the deployment of resilient token ring in DC networks and some of the earliest use of firewalls. Working for companies like Bay Networks, Juniper and Palo Alto Networks, he has led the evangelisation of new technology. Now at Illumio, he is working on the simplification of segmentation in Zero Trust and highly regulated environments.