Wrapping up our cybersecurity week on Halloween has us thinking of things that scare our industry most. Among the more frightening things: cybersecurity threats. With 1,253 publicly reported data breaches and 2.1 billion in estimated losses, there are plenty of reasons to lose sleep over phantom hackers and the latest creeping cybersecurity threats. But fear not! We’ll explore ways you can protect yourself and your users as we outline some of the top questions cybersecurity experts at financial institutions (FIs) are asking.

How Do I Get Ahead of Cybersecurity Threats?

Denials of service, credential stuffing, phishing, and brute force attacks remain common. According to the 2019 Verizon Data Breach Report, 88% of attacks were motivated for financial reasons. Of the data compromised, 43% included personal information across 927 incidents, 207 of which were confirmed as disclosing data.

Whatever the threat, there are ways to proactively defend your FI. Aside from using a proven, secure cloud platform like Amazon Web Services and implementing security in design, development, and deployment of your application(s), a sound governance structure will strengthen your security posture. For example, here’s how we’ve structured our governance at Alkami:

• We establish a Master Information Security Policy (MISP)
• Our Information Security Steering Committee (ISSC) meets twice-a-year in independent and joint sessions with our Chief Information Security Officer (CISO) and Chief
• Compliance Officer (CCO)
• The Alkami Office of Chief Executive (OCE) reviews the Information Security program on a monthly basis
• ISSC meets on a monthly basis to review and direct information security program
• The company facilitates collaboration between Information Security, Compliance, Technology, and the rest of the enterprise
• FFIEC Risk Assessment takes place
• PCI and SOC 2 Type 2 assessments are held

Where Can I Get Help with Strengthening Security?

Use bot mitigation tools to help prevent bot-driven denial of service attacks. Here’s how they work:

• Machine Learning algorithms analyze traffic
• Continuous scoring of the traffic determines if it is human driven or bot driven
• After a brief learning period, bot management takes over and stops malicious traffic

Keep your cloud platform secure. High profile security breaches that have taken place on Amazon Web Services have largely been caused by user error. Some of the biggest recent security incidents have been caused by poorly configured Simple Storage Service (S3) resources: employees have left 7% of all S3 buckets publicly accessible and 35% unencrypted.

Amazon has added new rules to avoid these slip ups: new, public facing S3 buckets cannot be created except by a small number of authorized accounts. Security teams are also alerted when new public facing S3 buckets are created.

When Should I Use MDR or MSSP?

Managed Detection and Response (MDR) services are becoming increasingly prominent for cybersecurity defenses. But many cybersecurity stakeholders aren’t clear on the distinction between a Managed Security Services Provider (MSSP) and MDR:

MDR

• MDR services use proprietary algorithms and technology to reduce alert overload; infrastructure is provided by client
• Pros
  • Cost effective
  • Noise reduction
  • Zero Trust setup
  • Higher level of security expertise
  • Network effect optimization
• Cons
  • Not in-house

MSSP

• A Managed Security Services Provider (MSSP) handles security infrastructure and Tier 0 analysis
• Pros
  • Cost effective
  • Noise reduction
  • Tier 0 talent
  • Broad insights
• Cons
  • Lack of personalized support
  • Little assistance in investigations beyond Tier 0
  • Hard to do Zero Trust

Legacy MSSP traditionally provides security device management and monitoring with automated forwarding of events, which includes very little or no analysis. MDR goes beyond MSSP to provide more advanced services that detect threats and include investigation comments by security analysts.

Outsourced security for managed services is offered by large consulting companies and outsourcers. Product vendors such as CrowdStrike, FireEye, etc. offer endpoint detection and response services.

With security executives more accountable than ever in an increasingly advanced threat landscape, keeping your FI secure can seem like a scary task. But when security experts take a holistic view of their data, where and how it’s stored, who has access to it, and where it goes, they can take the right steps using the right tools to strengthen security for their FI and ultimately their users.