• 1000

Financial service providers are increasingly digitising their business, and it is particularly important for them to take IT security measures. This is the only way they can take full advantage of the opportunities offered by the digital future and open up new markets. Unfortunately, cyber attacks are also part of the digital future. Banks, insurance companies and asset managers must accept this - and protect their business with security and defence measures.

We would be happy to help you analyse your individual and business-specific threat situation. Whether it's a hacking attack, computer fraud or data theft - we support you in finding the optimal balance between costs and risks. Together with you, we develop sensible measures for the detection and defence against cyber risks and create a strategy for your IT security.

The three most important security trends

What options do financial service providers have to respond to information security threats?

Even with comprehensive prevention measures, cyber attacks cannot always be avoided. Therefore, it is important to detect attacks quickly, limit the damage and eliminate potential causes.

A wide pool of technologies and procedures are available to mitigate the impact of potential cyberattacks. Some examples are: Identity and Access Management (IAM), risk-based access control, multi-factor authentication, Security Information and Event Management (SIEM), High-Privileged User Management (HPU/PIM), Consent Management and many more.

But the three most important cyber security trends for this are: Detection & Response (D&R), Identity & Access Management (IAM) and Cloud Security (CS).

D&R: Detection & Response

According to BaFin, one weak point is the insufficient investment in the ability to identify threats (early detection of cyber attacks) and to react adequately to cyber attacks that have occurred. One approach to building such detection and response capabilities is to establish a dedicated Security Operations Centre.

As cyber attackers continue to evolve their tools and approaches, financial service providers struggle to keep up with ongoing changes. They depend on up-to-date and comprehensive situational information to be able to assess threats correctly. In particular, the collection and evaluation of up-to-date data generates a considerable amount of effort.

A Security Operations Centre closes this gap, it is a kind of control centre within an IT department responsible for monitoring, detecting and isolating incidents. This leads to cyber resilience, a characteristic that goes far beyond pure cyber security. Rather, it is a comprehensive approach to protecting IT from cyber attacks and ensuring and resuming operations after attacks have occurred. Essential components of cyber resilience are measures and concepts of cyber security, computer forensics, information security, disaster recovery and business continuity management. The goal is to create a high level of robustness of the IT infrastructure against threats. At the same time, the risk of an operational failure is to be minimised.

BAIT, VAIT, MaRISK, MaGo and ECB audits clearly point to the need for regulated SOC operations, 24/7 monitoring and clearly defined and structured processes. Legal requirements through the GDPR also presuppose structured monitoring as the "state of the art".

IAM: Identity and access management

Identity & Access Management (IAM or authorisation management) is one of the focus topics of regulatory authorities such as Bafin or the ECB in the context of IT compliance audits. Extensive, unmonitored access authorisations and compromised login data can be used by banks, insurance companies and asset managers as gateways for cyber attacks from the outside as well as the inside. In order to protect one's own company and sensitive strategic and business data from attacks by ransomware, phishing e-mails, malware or other types of attack, a robust, holistic IAM is required.

IAM is the umbrella term for all policies, definitions, processes and controls that revolve around the management and monitoring of users and their access rights to functions and data, and is an important part of IT governance. The main goals are to ensure the minimum principle (o. a. need-to-know principle), the separation of functions (o. a. segregation of duties) and the monitoring of so-called highly privileged users (HPU).

A modern and secure IAM manages all identities and authorisations of natural users (employees, external service providers, customers, etc.) as well as technical and / or functional authorisations within the system architecture of the company. It is therefore important that an IAM is integrated holistically and centrally into the company.

The main functional/technical challenges here are in particular:

  • The implementation of a central, modern IAM solution (on-premise or cloud) to create...
    - a central target inventory of all authorisations (avoidance of data inconsistencies).
    - Uniform, centrally managed processes and controls.
    - automation and thus increased efficiency.
  • Necessary changes in the structural and procedural organisation, e.g.:
    - Creation of a central IAM unit that functions as a risk manager for the topic of IAM beyond the functional / technical support.
    - Extensive integration of the specialist departments in the IAM processes in their role as information owners and risk bearers.
  • The supervision (logging and monitoring) and management of HPU through the implementation and use of an appropriate tool (e.g. PAM tools)
  • Implementation of a leading IAM system and avoidance of duplicate data storage
  • Bank-wide dovetailing of IAM by automating interfaces to IT operations, information risk management, SIEM, BCM
  • Complex, heterogeneous IT landscapes that often lead to...
    - different authorisation procedures are used
    - central directory services (e.g. ActiveDirectoy) are only partially used.
    - different depths of authorisation structures exist for each application/infrastructure component.

Cloud security

According to BaFin, the third weak point for banks, insurance companies and asset managers is the insufficient monitoring of third-party providers and supply chains - such as cloud services. These are on the rise in the financial industry and will play a much greater role in the future, especially when building platforms with other companies or digitising the "customer journey". 

The cloud offers a variety of security functions for this, which can be adapted to the solution within the framework of a developed and implemented security concept. The first security barrier is identity and access management using multi-factor authentication and possible use of the Active Directory implementation. Within the cloud, data is encrypted - especially keys and passwords are only stored in code. An additional division of the network into different segments increases security. Furthermore, it is also necessary to connect the cloud to the SOC to ensure the overall view of corporate security. Generally, an overarching IT security approach with the Cloud Posture Management Framework helps here.

We help our clients to pick up on the current and future security trends of digitalisation and transfer them into individual technical solutions. In particular, we support clients in the selection of suitable technology, its conceptual design, the technical implementation and the operation of the built solution.

To realise this task, we can draw on strong knowledge of the client environment and the associated regulatory requirements combined with deep technological expertise and broad implementation experience. 

Are you interested or do you need further information? Please do not hesitate to contact us.