Doing More With Less: Security Integration and Automation within the Financial Sector

With many financial institutions continuing to feel an impact from The Great Resignation, and seeing tighter budgets across the board in 2023,  security leaders are being asked to do more with less.  So far in 2023, many organizations are hesitant to hire additional staff or even backfill open positions—forcing many security leaders to make do with fewer people than in the past. 

According to a recent “What’s Going on in Banking” report from Cornerstone Advisors, two of the top-five concerns for banks right now are the ability to attract qualified talent and  cybersecurity. With that in mind, how can banks and other financial organizations prioritize customer security in an increasingly sophisticated threat landscape with fewer or not-qualified resources? 

Maintaining a successful security program in these uncertain times will depend on consolidation, integration, and automation going forward. Here are some steps that financial institutions should be taking. 

Consolidation: Reducing Complexity and Optimizing Operations

Complexity is the enemy of security. With technology consolidation and movement to secure access service edge (SASE) solutions, security operations can become more simplified, which places less day-to-day demand on human security resources. 

CISOs can move existing staff from managing more repetitive tasks (e.g., applying patches, configuration management, installing new releases) to higher value activities such as threat hunting or proactive risk management. A platform-based approach to security is an effective way to start consolidating solutions and functions.

Integration: Maximizing Investments and Applying Intelligence

A platform-based approach can also help maximize the value of existing security investments outside your SASE stack through solution integration. This may include email security, endpoint protection, identity management, and security operations functions. Additionally, integration offers the ability to apply threat intelligence across all systems for quicker incident response and better prevention against emerging threat variants. In short, integration increases your risk management capabilities while reducing your attack surface. 

There are two primary ways to enable integration between your security platform and the other existing security solutions deployed across the organization. One way is to write your own custom APIs to integrate these products. The other option is that many solutions already have their own pre-written APIs, which may need slight modification for your particular environment. Regardless, it’s important to remember that not all security platform vendors are equal when it comes to ease and efficacy of solution integration. You’ll want to carefully choose a platform that’s designed for this from the ground up—capable of integrating with all the best-of-breed products that exist outside the SASE interface architecture. And this becomes a critical consideration as we move to the next phase.

Automation: Accelerating Protection and Eliminating Errors

After you integrate, you’re ready to automate. Automation not only eliminates staff hours spent on repetitive tasks (the core essence of doing more with less), it also reduces human errors that expose organizations to unnecessary risks. As current Verizon research shows, 82% of global breaches involve the human element. Another recent report on risk management in financial services shows that more than half (54%) of surveyed cybersecurity professionals currently use automated behavioral analytics tools to detect potential risk indicators among employees.

Identity management is another area where automation offers high-value benefits. Most organizations already automate things like password resets. But automation can also help with things like regular review of access controls. Over time, things can creep up and pretty soon you’ve got one person with way too much access or instances where people change roles, but their clearance level hasn’t kept up. Automating these reviews can help you manage that process with greater speed and accuracy.

SIEM and SOAR automation is also essential. When something like a ransomware attack spreads across your organization, it happens very fast—and a human can’t react quick enough to stop it. One of my colleagues set up automation that could shut down an entire segment of their network and isolate an attack with just one click. This was important because as a global organization, they needed the ability to instantly quarantine one specific region in order to stop malware from impacting all the other parts of their operations across the world. 

If you’ve got hackers in your system, automation can also help you isolate any systems that may be compromised. In at least one major breach that happened recently, there were actually alerts in the SIEM that showed the company had been hacked—but nobody saw them. Vast amounts of data and alerts come through these systems on a continuous basis. SIEM automation can help process alerts, weed out false positives, and do a first-level response to any actual events, while escalating the situation to human security teams for further action. 

Automation is really the only way a company can manage the number of alerts that come through each day—whether they’re large or small organizations. And recent research shows that fully deployed security automation reduces average breach cost by 65.2%.

Extracting Better Risk Management from Fewer Resources

Consolidation, integration, and automation can help financial institutions combat two of their biggest concerns right now: a shortage of qualified personnel and rising cybersecurity risks. Even if economic pressures subside in the coming months, this approach can provide better protection while allowing security leaders to allocate existing resources to higher-value activities for keeping the business safe.