3 Keys to Effective Managed Detection and Response for Financial Firms



Geoff Bibby

Sometimes the scope of a problem can paralyze the solution. We see this a lot in regard to cybersecurity. Companies know they need to defend themselves robustly, especially if they work in sensitive and highly regulated industries like financial services.
The AppRiver Cyberthreat Index for Business for the first quarter of 2019 focused on the preparedness of small and medium-sized businesses in particular, and the findings are sobering:
  • 64% of all SMBs — and 77% of large SMBs (those with 150 to 250 employees) — report that cybersecurity attacks are "prevalent" among businesses such as theirs.
  • 71% of all SMBs report having experienced at least one attempted cyberattack in their office within the past quarter.
  • SMBs in the finance, healthcare, and technology sectors were most likely to report a high prevalence of attempted cyberattacks within the past quarter.
Yet staying in front of every compliance risk and security threat can be daunting for any size of business, draining huge amounts of time, energy, and attention. The problem is as deep as it is wide, as evidenced by the fact that 61% of all SMBs (and 70% of large SMBs) believe hackers have more sophisticated technology at their disposal than the businesses have in their own cybersecurity resources.
It’s a complicated issue that leaves a majority of SMBs vulnerable.
Although cybersecurity is becoming more complex and demanding, managing a proper defense doesn’t have to be a monumental task and can be easier and more effective with the right approach. That approach is a three-pronged strategy made up of encryption, archiving, and threat protection, with the understood best practice being an adequate layer of each. And if tougher new data regulations pass (which is likely), having all three in place will be a legal requirement.
Managed detection and response, or MDR, a capability broadly known as security as a service, is an option for firms that feel overwhelmed by cybersecurity. According to AppRiver’s survey, 58% of all SMBs (and 66% of large SMBs) believe that a security breach of their clients’ records would be more likely to end their business than the combined effects of a fire, flood, theft, transit strike, or citywide road closure. As such, by 2020 up to 15% of companies will rely on MDR to defend against cyber risks while outsourcing the hard work of cybersecurity.
The Unique Advantages of MDR
Timely detection and response are particularly important in the financial industry. According to Gartner, both will become cornerstones of cybersecurity by 2020.
Finding and neutralizing threats faster is a way to limit overall damage. More important, companies with active security measures discourage hackers looking for low-hanging fruit. Instead of trying to break through the strong defenses, these hackers go looking for companies with weak (or no) measures in place. A strong cybersecurity posture will inherently help to reduce the number of attacks overall.
Managing compliance risk is another significant advantage. Both the Financial Industry Regulatory Authority and the Securities and Exchange Commission have clearly signaled that cybersecurity and data protection will be much higher priorities moving forward. For companies, essential protection now includes threat protection to prevent attacks, encryption to secure information, and archiving to handle disclosure. However, compliance is challenging enough without having to manage a major security initiative. For that exact reason, a lot of companies are choosing more consolidated efforts with an MDR approach.
The Key Components of MDR
To understand why MDR is such an asset, it helps to evaluate the overall approach in the context of a real attack. Phishing emails are the scourge of the inbox, tricking users into downloading malware or handing over information. All it takes to put the entire financial firm — including all clients and partners — at risk is one malicious email and one bad click by an employee who did not put email security best practices into use. MDR can automatically neutralize this threat because it offers:
• Threat protection: Phishing emails look legitimate and sound convincing. Realistically, the only way to keep users from falling for the scam is to keep these emails out of the inbox entirely. Threat protection monitors all incoming emails for a variety of red flags. Suspicious emails are tagged and then quarantined before they ever reach users.

• Encryption: If a phishing scheme is successful, hackers typically gain easy access to one or more email inboxes, many full of private conversations, sensitive documents, insider information, and official log-in details. Once hackers have access to this treasure trove, they can do a lot to hurt a company and its clients. Encryption makes email and any information contained within inaccessible to anyone without authorization. So even if hackers can compromise an inbox, the contents are useless if an adequate encryption layer has been deployed.
• Archiving: Think of archiving as the last line of defense. When data becomes inaccessible due to a cyberattack, business grinds to a halt. Restoring the data then becomes an urgent priority. And if it can’t be restored, the company might never fully recover. Archiving automatically funnels important information and communications into a secure archive, which enables more permanent retention of the data in a secure location, even if it is rendered inaccessible at the point of attack. The capability gives administrators a direct path through which information can be recovered during times of crisis.
Zix has developed the leading cybersecurity solutions on the market. We also excel at integrating and automating those solutions to provide comprehensive MDR protection. Don’t let yourself be overwhelmed. Rely on Zix to provide 360-degree protection that requires as little input as possible.