According to Cisco, the security landscape is "plagued by too many vendors”. For anyone responsible for cybersecurity within a financial institution, this statement is particularly likely to ring true. While more solutions being available is not necessarily a problem, rather than giving cybersecurity professionals more options for defence, the increasingly crowded solutions marketplace may instead be creating a paradox of choice.

Faced with a dizzying number of options and a threat landscape that keeps evolving, organizations can feel obliged to invest in new solutions to maintain the status quo. However, having more solutions on hand within financial institutions does not necessarily make their operations safer from cyber threats. Case in point: the vast majority (73%) of financial firms run 25 tools or more, and about 1 in 10 run more than 100 tools. Yet despite all this "protection," financial firms appear to be just as vulnerable to cyber attacks as organizations in other sectors — if not more so. Over 60% of financial institutions suffered a cyberattack in 2019, and 70% of financial firms experienced a cyberattack in 2020. 

As a result, it's fair to say that today's overabundance of cybersecurity tools is not necessarily providing effective defence. However, this situation still raises an important question: how many cybersecurity tools are required to achieve real protection for financial services companies? 

As budgets surge, interest in new technology grows

The financial industry has always been an attractive target for cybercriminals, so it's not surprising that cybersecurity spending has long been a top priority for many firms. In 2018, for example, organizations in finance and insurance spent the most money on cybersecurity of any sector. Notably, spending also increased 85% from the year before. 

More recently, the COVID-19 pandemic, WFH initiatives, and surging cybercrime have prompted many financial institutions to increase their spending on cybersecurity tools even further. Respondents from financial backgrounds to a Deloitte and FS-ISAC 2020 report said that in 2020, they dedicated about 10.9% of their IT budget to cybersecurity, up from 10.1% in 2019. The study also shows that as budgets increase, board-level interest in security technologies has surged, with interest levels in new solutions doubling since 2019. At the same time, finding experienced cybersecurity staff remains a significant challenge.

With staff at a premium, more cybersecurity tools can lead to more problems

With zero-day threats constantly appearing and recruiting cybersecurity professionals a continued challenge, financial firms often invest in new tools in the hopes that they will solve emerging problems without straining human resources. However, because the vast majority of these tools are not designed to play well together, the result is often the opposite of what is intended. Rather than increased security, too much spending instead leads to greater complexity and more opaque visibility. Going back to the Deloitte and the FS-ISAC 2020 survey, many respondents quoted "difficulty prioritizing options for securing the enterprise tied with inadequate functionality and interoperability of security solutions" as one of the main challenges in managing cybersecurity. 

For the vast majority of organizations, managing all the cybersecurity tools they have is an unfeasible task. Unfortunately, it is impossible to have a secure environment if it is not also properly managed. About half of IT experts are not sure how effective the cybersecurity solutions their organization deploys are. Nearly two-thirds of IT professionals report that one of their security controls claimed to have blocked an attack when in fact, it had failed to do so. 

The shortage of cybersecurity professionals in financial IT combined with the multiplicity of cybersecurity tools in use means that frontline cybersecurity staff are faced with a huge amount of alerts per person. Research by the consultancy firm Ovum found that 61% of financial organizations are dealing with over 100,000 alerts each day. Being able to monitor these alerts is the top pain point for a third of bank security executives, with most saying they need better, rather than more, security tools. 

It's not just that using too many cybersecurity tools can create "alert fatigue." This type of situation can also widen inherent security weaknesses. As organizations implement more competing solutions, they run more and more code, which increases the likelihood that they will eventually introduce a vulnerability into their corporate systems. Besides, organizations with dozens of cybersecurity tools are unlikely to use them all to their full potential anyway, with most IT teams favouring specific solutions over others regardless of what their organization is paying for. 

Unsurprisingly, in a Deloitte & Touche LLP Global Risk Management Survey, less than half of respondents said their company is "extremely” or “very” effective in managing cyber exposures.

About the author

Brad Freeman, Head of Threat Analysis, SenseOn

Brad is an expert in his field, with over a decade’s experience conducting nationally significant cyber security investigations across the critical national infrastructure and telecommunications sectors. Drawing on his extensive industry experience and knowledge, Brad leads the threat analytics team at SenseOn, and specialises in finding and uncovering advanced actors deeply embedded within clients’ infrastructure. SenseOn.

The ideal amount is “less”

From the Target breach to the Sony hack to the Neiman Marcus attack, the one thing that most security breaches have in common is security silos. As these and other attacks show, running multiple cybersecurity tools tends to result in security blindspots, presenting an excellent opportunity for advanced threat actors. While IT teams sift through endless alerts with no way of understanding the "big picture," attackers can quietly gain access through known vulnerabilities or neglected security controls. 

Countering this all too common problem within financial institutions entails taking a proactive approach to cybersecurity. Rather than investing in multiple point solutions, management at financial organizations should see if they can source products that solve more than one issue simultaneously. Building a less diverse security stack removes the need for dozens of tools, reduces bloatware, and gives staff greater visibility into security operations.  

Solutions like SenseOn, a self-driving cyber defence platform, can replace multiple cybersecurity tools — including EDR, NDR, IDS/IPS, UEBA, SIEM, and SOAR — with one cohesive platform, giving financial organizations unparalleled visibility across their entire digital estate. SenseOn's unique AI Triangulation technology, which thinks and acts like a human analyst, observes threats from different perspectives and learns from experience, automating threat detection, investigation and response, surfacing only genuinely malicious threats for human analysts’ attention. This not only reduces the overall number of alerts teams must deal with but also significantly reduces the number of false-positive alerts, saves financial firms time and money, and allows IT teams to stay ahead of the changing threat landscape. 

Organizations often complain about tool sprawl and the fragmentation of security operations. With SenseOn, this is a problem that they can solve. If you'd like to learn more about how, as a financial institution, you can implement SenseOn within your organization, take a look at our financial firm case study.