Banks: How to Improve Threat DetectionThe Role of 'Day-to-Day Situational Awareness'
Situational awareness requires understanding threats and risks in real time to help minimize the impact, says Bhat, who works in Deloitte & Touche's Cyber Risk Services practice. To gain this kind of understanding, financial-services companies have to detect attacks as they happen - and that requires a strong emphasis on cyber-intelligence, he says.
"You need to have dedicated threat-management teams that are at the frontlines ... as well as automation and analytics," Bhat says in an interview with Information Security Media Group.
"Detection of attacks still needs to be enhanced significantly across the industry at large," Bhat says, citing the results of Deloitte's latest research in its Transforming Cybersecurity report.
The average annualized cost of cyber-crime for U.S. financial services institutions in 2013 was $23.6 million - a nearly 44 percent increase from 2012, the new report notes.
Because threats and attack vectors are always changing, banks and credit unions can't have one-size-fits-all defenses, Bhat says. And today's attackers are after more than just financial data. Threat actors target institutions for a number of reasons, ranging from destruction of critical infrastructure to the theft of intellectual property.
"There needs to be a certain level of maturity in cybersecurity and IT risk management practices," Bhat says. "You have to get the appropriate threat intelligence in order to act on it quickly. ... The leading financial institutions are investing in cyber-intelligence centers, but not every institution is going to have the ability to invest in all of those capabilities."
A Typical Cyber-Risk Heat Map for the Banking Sector
That is why cyber-intelligence sharing is so critical, he adds.
During this interview, Bhat also discusses:
- Attacks waged against the payments industry;
- The information-sharing challenges smaller institutions face;
- Evidence that the threat landscape is evolving.
At Deloitte & Touche, Bhat serves as industry leader for financial services and manages the Vigilant by Deloitte Advanced Research and Solutions Group. He assists global institutions in defining and implementing their cyber-risk programs. Most recently, Bhat has been a contributor to the development of Deloitte's Cyber Threat War-Gaming solutions.