The CISO's Guide to MITRE ATT&CK® for the Financial Services Sector
How to build a program of threat-informed defense in an industry under regular cyberattack.
Organized crime and hostile nation-states continue to invest in new malware tools and techniques to compromise financial networks. These attackers will do whatever it takes to steal financial assets, intercept financial transactions, acquire customer identity data, and capture financial data of almost any kind.
The data speaks for itself — the banking and financial services industry has consistently been one of the top targets for cyberattacks. In 2019, the financial services industry was, in fact, the most targeted sector in the majority of countries around the world. Over 21 percent of sensitive files in financial services firms were exposed — this is larger than any other industry other than manufacturing, which was the same. The banking industry had the most substantial financial toll from cybercrime, costing an average of $18.3 million per company surveyed.
Financial institutions can benefit greatly from implementing MITRE ATT&CK as part of a threat-informed defense strategy. MITRE ATT&CK is, in both depth and breadth, the most extensive attack knowledge base, providing suggested mitigation techniques, detection procedures, and other relevant technical information. MITRE has expanded the Kill Chain to include a wide variety of tactics that are then supported by specific techniques. This organized approach enables financial institutions to select and analyze attacks methodically and compare them to the capabilities of internal security controls to understand the gaps.
Download this guide to learn more about how leveraging the MITRE ATT&CK framework can increase your organizations’ cybersecurity effectiveness and allow you to implement a threat-informed defense.