When financial institutions are considering proper cybersecurity controls, three specific areas must be addressed: preventive controls, detective controls, and corrective controls.
• Preventive controls are exactly what their name implies…controls put in place to impede unauthorized access to the network.
• Detective controls are used to provide insight and visibility into malicious activity, breaches and attacks on an enterprise’s network.
• Corrective controls are controls that are intended to limit the damage caused by a cyber incident and to restore the financial institution to normal working status as quickly and efficiently as possible.
For Preventive controls, employee education is perhaps the most important aspect.
Employees with a good working knowledge of the threat landscape will do wonders in helping protect your institution. Additionally, some very effective preventive controls to consider are:
1. Minimize data access by only collecting what you need, reducing the number of places where you store data, limiting employee access to data, and purging the data whenfinished. Remember thieves can’t steal it if you don’t have it.
2. Conduct a periodic risk assessment focusing on new areas or levels of risk.
3. Look beyond the network when assessing risk. Consider things such as employee
exit processes, data storage practices, and physical safeguards.
4. Keep current with all security software updates and patches.
5. Make sure all third-party vendors are held to the same high security standards as your institution.
For Detective controls, while it is impossible to prevent all intrusions, the earliest possible threat detection is critical when it comes to limiting the extent of damage caused by a breach. Historically, financial institutions have spent the majority of their security resources on preventive controls, but being able to quickly and efficiently detect malicious activity is just as critical, as the impact of an attack will be greatly reduced through strong detective controls. Some detective controls are:
1. Passive Intrusion detection systems that monitor the network for malicious activity or policy violations. These differ from firewalls in that the firewall looks outwardly for intrusions in order to stop them from happening, while an IDS evaluates a suspected intrusion once it has taken place.
2. Firewalls that limit access between networks and look outwardly for intrusions.
3. Anti-virus software
4. Components outside the network such as security cameras and other access
Corrective controls are also an important part of the control equation, as time is literally money when it comes to correcting a breach when it occurs. The longer a breach goes uncorrected, the costlier it becomes. Some effective corrective controls for financial institutions include:
1. Active intrusion detection system. This is an IDS that actually provides real-time corrective action in case of a breach.
2. Backup and system recovery systems.
3. Maintenance and analysis of the activity logs from previous incidents in order to help
determine courses of action.