- August 3, 2020
- Posted by: Pat Riot
- Categories: CyberSecurity, Finance, Managed Detection and Response, Security Operations
In 1748, Benjamin Franklin wrote an essay to a friend of his titled “Advice to a Young Tradesman”. He began his first paragraph with “Remember that Time is Money”. This is believed to be the origin of the proverb “Time is Money”. The moral of the essay is if someone wanted to earn money (or in Bens’ case, shillings), they would have to trade time out of their day. The phrase “Time is Money” would go on to be a staple across American capitalistic culture that thrives off economic freedom & growth, efficiency, and innovations. This phrase holds true to businesses of every vertical in today’s society, but is extremely keen in the financial industry, because that’s literally where the money is.
As a financial firm, society puts a lot of trust and faith into you to help them invest, exchange, transfer, and save. With this trust comes massive amounts of Personal Identifiable Information (PII) & Non-Public Personal Information (NPPI). However, this sensitive information is extremely necessary for verification processes in financial transactions. Without it, there would be no way to ensure the right persons money is going to the right place.
PAUSE. And there is the issue right there: If that personal information is obtained by an unauthorized source, it can be used as a disguise to scam firms and clients out the very thing they hold most dear but in fact, it happens all the time. Over the last year, there have been over 160 million data breaches with 71% of them being financially motivated, according to Fortunly. The average cost of a data breach in the US today is $8.64 million while taking an average of 280 days to identify and contain the breach, per IBM. When thinking about that time, 280 days is an insane amount of time for data to have been breached without knowing! IBM also reported that companies who had incident responses and security automations saved an average of $3.5 million compared to companies who didn’t because, again, Time is Money.
The best way to identify threats and act on them in Real-Time fashion is by utilizing a Security Information and Event management (SIEM) software integrated into a Managed Detection and Response platform. SIEM’s have a wide array of specialized tools and features that utilize machine learning artificial intelligence to let organizations gain full visibility and control into their company network, allowing them to monitor & enforce corporate policies. The software acts as a centralized system for security alerts that your network may have in place such as: Firewalls, VPN’s, Intrusion Detection Systems (IDS), and Device Security. All the data from these different security features are gathered directly to the SIEM, allowing all log aggregation to be in one spot. This is where an extension of SIEM comes into play known as User Entity and Behavior Analytics (UEAB). UEAB highlights suspicious activity & patterns from log information and immediately alerts to the SIEM. It looks for things like logins from strange locations or machines uploading large amounts of data sporadically. Another Extension of SIEM is a Security Orchestrated Automation & Response (SOAR). SOAR takes the security alerts from the UEAB and initiates automatic responses to isolate, contain, and remedy the problem. So many acronyms and cybersecurity technologies that you do not need to worry about if you outsource your cybersecurity needs.
Here, at Steel Patriot Partners our state of the art Managed Detection and Response platform helps Financial Industries detect, respond, and resolve data breaches in Real-Time. Waiting 280 days to find out about a data breach can be detrimental to a financial corporations’ reputation and bottom line. Our SIEM system provides 360 degree visual into your company’s network with and team of security experts working 24/7/365 days a year proactively threat hunting & monitoring your log data. When our system gets an alert it cross correlates data from all other systems to verify threats and eliminate false positives. Don’t wait almost a year to find out you’ve been breached, find out today. Because remember, Time is Money.
For more information on how our SIEM system can help your company gain visibility and control over its network call us at 703-297-4405 or email us at [email protected]! We would love to talk!