
DORA compliance: strengthening financial resilience in today’s regulatory reality

By Mo Joueid, June 17, 2025 (5 Mins Read)

Over the last 20 years, the threat landscape has changed drastically. What was once a grumpy teen hiding behind a computer desk attempting to steal money from small organisations has quickly grown into a sophisticated network of cyber criminals targeting businesses big and small. Often, these threat actors operate in highly organised groups, deploying increasingly sophisticated tactics and leveraging the latest in AI-driven technology to gain access to lucrative data.  

Nowhere is this shift felt more than in the financial services sector. Nearly 50% of financial services organisations surveyed in the past two years have experienced a security breach. The sector is notoriously fertile ground for cybercrime, given the monetary gain for fraudsters, vast amounts of sensitive personal information, and a complex network of supply chains.  

In light of this, the EU’s new Digital Operational Resilience Act (DORA) comes at a crucial time to strengthen the sector’s cyber hygiene. Under DORA, financial organisations operating within the EU, along with their third-party information and communication technology (ICT) providers, are required to comply with new technical standards designed to assist organisations in recovering from cyber risks. 

This legislation comes into force as threats continue to grow in scale and severity. As such, solid precautions are no longer a choice; they’re a necessity for organisations looking to remain compliant. Businesses must have well-defined policies in place for managing ICT risk, particularly those related to outdated legacy systems and unauthorised access.   

Securing large supply chains  

Due to the large and often complex nature of financial services supply chains, it’s becoming increasingly difficult for organisations to gain adequate visibility into users’ access permissions. Improper access results in weak spots, creating a wider range of opportunities for hackers to strike. Whether through mergers and acquisitions or growth with partners, larger supply chains allow for more users and identities to operate freely within the chain, often unchecked.

This rise of remote workers, partners, and contractors entering systems means identities can easily fly under the radar, leading to security risks like ‘overprovisioned’ access. This lack of oversight into users operating within financial supply chains opens significant cyber vulnerabilities, increasing the risk of bad actors compromising identities, or unintentional mishaps by users with too much access, such as accidental misplacement or deletion of files. With many financial organisations concerned about vulnerabilities resulting from overprovisioning of non-employees, minimal visibility presents a huge security risk.   

Not only is the proliferation of identities a growing problem, but the challenge is heightened by a coinciding increase in the number of applications those users need access to and the range of entitlements that must be managed.   

For IT teams already stretched thin, this task quickly becomes overwhelming, especially as 53% of surveyed financial organisations admit they are still dependent on legacy tools and manual processes. Managing hundreds of users manually often leads to loosely controlled access, poor oversight, and heightened cyber risk. Without modern identity security solutions, keeping up with these demands becomes nearly impossible.

Leveraging AI to mitigate risk 

Managing ICT risks associated with overprovisioned identities must be a top priority for organisations.  

IT teams must carefully control which identities in their supply chain have access to what, when, and for how long. Access should be granted strictly on a need-to-know basis, with rigorous management of onboarding, offboarding, and the entire identity lifecycle in between. Enhancing organisational visibility into these identities is crucial for mitigating risk. 

To reduce the manual pressures of this task, AI serves as a silent but effective partner. Technology such as AI-enabled identity security can automate these tasks and seamlessly manage access requirements in real-time. This real-time oversight enables IT teams to keep on top of the surge in identities needing access to different applications, ensuring that each identity only has as much access as is required to perform their role.   

Today, sophisticated AI-enabled identity security solutions are already impacting how organisations see, manage, control, and secure all variations of identity. This technology also helps to reduce the attack surface, enabling easy detection of suspicious and unusual behaviour well ahead of a breach occurring, easing the burden on IT teams and supporting compliance efforts.

Robust reporting and information sharing

Despite robust preventative measures, security breaches remain inevitable as malicious actors continue to leverage new technologies like AI. To comply with DORA, financial firms should standardise ICT-related incident management and reporting processes to understand how incidents happen and what roles users play in them. In the event of a breach, detailed information must be collected and shared to identify attack patterns and enhance cyber resilience.

To support incident reporting, modern identity security systems can help provide a comprehensive picture of events. In recent years, there has been a rapid growth of identity threat detection and response (ITDR) solutions, which enrich the context of security incident analyses to help organisations better identify unusual patterns of behaviour, enabling more proactive and predictive capabilities. 

ITDR solutions, combined with identity security solutions, provide an incredible amount of context in real time, helping organisations to identify threatening activity and what remediation is needed – all in a single source of truth. AI, combined with the power of unified identity data, is a clear path forward to help stay ahead of threats today.  

Maximising cyber resiliency

DORA sets the standard for how financial services must build protection and resiliency into their operations. But as cyber risk evolves, compliance must be more than a tick-box activity. It needs to be met with something bigger: an approach that does away with reliance on manual processes and outdated tools for good.

To ensure that DORA’s objectives are firmly embedded into processes, adopting a proactive, AI-enabled approach to identity security will be crucial. Strengthening visibility into users, identities, and access requirements across the entire supply chain can enable financial services organisations to increase proper governance, close security gaps and build a robust and resilient future. 

Mo Joueid

Mo Joueid is a seasoned professional in Cloud and Identity/Access Management, boasting over 25 years of experience in the field. At SailPoint, he serves as an Advisory Solutions specialist, leading clients through comprehensive identity security programs and implementing robust identity security solutions. His career includes significant tenures at HCLTech, Kin + Carta, and HID Global, where he has demonstrated exceptional skill in Cloud (IAM), security, and identity management. An influential thought leader, Mo is known for his strategic vision and commitment to advancing industry best practices through his work and public engagements.

    The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.
