Financial Services Cybersecurity: 2024 Performance in Banking, Financial Services, and Insurance (BFSI)


Prevention, Detection, and Alert Scores in Financial Services

Cybersecurity operations in the financial services sector are developing rapidly, bringing both challenges and opportunities for improvement. Based on the Picus Blue Report 2024, this blog post discusses the finance sector's threat prevention and detection capabilities, identifying gaps and suggesting critical areas for improvement. The BFSI industry, which deals with highly sensitive financial data, has achieved significant effectiveness scores in prevention, among other sectors. However, the widening gap between log scores and actionable alerts and the vulnerability to advanced threats like ransomware remain concerning and require further analysis and improvement.

Cybersecurity Gaps and Gains in Financial Services for 2024

According to the McKinsey 2023 Cybersecurity in Financial Services report, only 31% of financial organizations feel confident in their ability to meet emerging cybersecurity challenges, and they still need to prove their security readiness to avoid incidents. The question that follows from this statistic is, "Is this level of confidence being validated?" Although organizations in finance are confident that they are threat-centric, they need to validate their risk to ensure an improved security posture. The Blue Report shows that 3 out of 10 financial organizations still face problems with prevention.

In 2024, the BFSI sector showed a slight increase in prevention effectiveness, with the score moving from 67% to 68% in the Blue Report. While this is a positive improvement, it is not enough to make cybersecurity and risk leaders confident in this field because of the increasing sophistication of cyberattacks targeting financial institutions.

Financial institutions manage highly sensitive data, making robust prevention mechanisms critical. Even though it is encouraging to see the sector improve in this field, the small gains are not enough to fight against the growing number of sophisticated cyber threats, particularly those from state-sponsored groups and advanced persistent threats (APTs).

Graph 1. Prevention Effectiveness Score by Industry

Better Logging or Better Alerting? Which to Pick for Financial Services

An important factor driving expectations for improved detection effectiveness is the increased investment in the finance IT sector. According to Gartner's 2023 Global Security and Risk Management forecast, end-user spending on security is projected to reach $215 billion in 2024, a 14.3% rise from 2023. This is reflected in a steady increase in security budgets as a share of overall IT spending, growing from 8.6% in 2020 to 11.6% today. For CISOs and security leaders, the challenge is how to translate this increased investment into better prevention and detection capabilities, ensuring teams are empowered to effectively reduce cyber risks. Given the need for and speed of digital transformation in financial firms, it would not be wrong to say that the rate of increase in investment in cybersecurity will be higher.

Increased investment would naturally be expected to improve detection posture. Yet despite growing budgets, the statistics in the Blue Report 2024 show that while the logging score improved, the alert score, which reflects whether SOC teams receive information about potential critical threats, decreased. This is a big problem for leaders managing budgets. With most boardrooms now recognizing the importance of investing in cybersecurity, we expect the budget increases mentioned above to continue, which will increase the need for security leaders to demonstrate the effectiveness of their security controls, deliver continual improvements, and achieve the best return from budgets by validating their exposures.

The BFSI sector has made substantial improvements in logging capabilities, increasing its log score from 34% in 2023 to 50% in 2024. This improvement reflects dedicated attention to logging security events and ensuring real-time monitoring of potential cybersecurity threats for financial services. While recording and logging everything is valuable for any post-incident evaluation or system improvement, the decline in the alert score is still a major concern. Despite improved logging, the BFSI sector has experienced a significant drop in alert scores, from 18% to 6%. This underlines a widening gap between detecting threats and responding to them effectively. Critical threats could go unnoticed without proper alerts, exposing financial organizations.

When comprehensive logging does not generate alerts, visibility suffers, and SOC teams cannot quickly identify incidents and take appropriate action to respond to and mitigate the threat. Financial organizations should continuously improve their detection posture; the ultimate goal is to collect the right logs and then generate meaningful alerts that do not overwhelm the SOC.

Graph 2. Log Score by Industry

Another Picus Labs study, the Red Report 2024, also reveals a 333% increase in malware that targets and disables security controls. Dr. Suleyman Ozarslan, Picus Security Co-founder and VP of Picus Labs, characterizes these threats as hunter-killer submarines since this malware is ultra-evasive and highly aggressive. Another key finding of the Picus Blue Report 2024 is that 40% of tested environments were vulnerable to domain admin access. Given the drastic shift in adversaries' ability to identify and neutralize advanced enterprise defenses, this is a critical threat that could go undetected if the log-alert gap isn't closed in BFSI organizations.

Graph 3. Alert Score by Industry

The Growing Threat of Ransomware in Financial Services

Ransomware remains a top concern for financial institutions, and the Picus Blue Report 2024 revealed that BlackByte ransomware was the most difficult to defend against, with only a 17% prevention rate.

Sophos' State of Ransomware in Financial Services 2023 report indicates that ransomware incidents in financial services are among the most costly cyberattacks, with attacks becoming increasingly sophisticated and more complex to detect, echoing what Picus Labs found in the Picus Red Report 2024 after analyzing more than 600,000 real-world malware samples.

Graph 4. Least Prevented Ransomware Group

Key Recommendations for Financial Services Cybersecurity

More spending does not translate into enhanced security posture. To enhance threat detection and prevention, financial institutions should take the following steps:

  1. Implement Continuous Threat Exposure Management (CTEM): Adopt a holistic approach to cybersecurity that helps security teams focus on the exposures that will impact risk reduction most effectively.
  2. Start alert and log validation: Simulate real-world threats to address major log and alert management challenges and transform SOC processes for proactively tackling advanced threats.
  3. Rationalize cybersecurity spending: Validate security controls to ensure all devices are secure. Maximize ROI on security investments through exposure validation before new investments.
  4. Know your risk level: By simulating real-world attack scenarios, BFSI organizations can identify vulnerabilities before they are exploited, ensuring the security of financial transactions. Continuously validate your risk with real-world simulations prioritized within your regulatory and business context.

The BFSI sector has made significant progress in logging and prevention, but the growing gap between logging and detection remains a significant concern. As threats become more complex, financial institutions must prioritize investments in exposure validation and continuous threat exposure management to strengthen their prevention and detection capabilities.

To learn more about the BFSI sector's cybersecurity performance and how to close the log-alert gap, download the Picus Blue Report 2024 today or request a demo.