Finance’s Cyber Armor: External Risk Mitigation and Management
Businesses of all types face a variety of direct and indirect cybersecurity risks that originate from external sources. Protecting against them is where External Risk Mitigation and Management, or ERMM, comes into play.
Here’s a look at the role that the ERMM process plays in providing the intelligence, scoping and discovery capabilities that modern organizations need. To ground the discussion, we focus on ERMM in the banking, financial services and insurance (BSFI) sector, although many of the capabilities we discuss below apply to any type of business.
Managing direct risks with ERMM
ERMM helps to identify and manage direct risks – meaning risks that attackers can immediately exploit to harm a business – in multiple ways:
- Discovering new intelligence: The faster businesses can learn about new types of threats, the better equipped they are to mitigate them before the threats turn into active attacks. The ERMM process helps here by monitoring GitHub repositories, forums, Telegram channels and so on to provide real-time insight into emerging threats, then alerting businesses so they can defend themselves before threat actors begin carrying out attacks.
- Detecting compromised employee credentials: An effective ERMM program can detect compromised employee credentials, which threat actors could use for account takeover to carry out phishing attacks, or for data theft and exfiltration. This is especially important in the BSFI sector, given that 50 percent of all phishing attacks target the financial industry.
- Detecting compromised customer credentials: When information from stolen customer credit cards – including card numbers, CVVs, expiration dates and personal cardholder details – appears in Deep or Dark Web forums, an ERMM program alerts the business so it can take action to block misuse of stolen payment cards. In 2023, Cyberint identified stolen information associated with 8 million payment cards.
- Finding leaked internal secrets: In addition to detecting compromised information about customers and employees, the ERMM process can find instances of exposed internal business resources – such as software source code or access credentials that employees use to log into internal systems.
In the BSFI sector and beyond, Cyberint delivers risk insights like these at scale: we discover about 500,000 stolen credentials every single day. These are correlated with the customer’s digital assets to find relevant threats and then prioritized by risk, so companies receive only the most impactful information. We also provide guidance on how impacted businesses can help mitigate the risk of ongoing threats.
For example, when we identify stolen credentials associated with a former employee’s account – a common occurrence that can lead to serious breaches – we suggest that businesses invest in single sign-on (SSO) solutions, which make it easier to remove an employee’s access to all systems when the employee departs (because with SSO, there is just one centralized login to disable). We also encourage businesses to make sure they have proper checkout processes in place for employees who leave the organization.
Indirect BSFI risk management with ERMM
ERMM also plays a central role in helping to detect indirect external risks – meaning those that originate beyond the organization’s infrastructure or with a third party, but that could have an adverse effect on the organization’s cyber risk posture.
For example, ERMM helps protect businesses against:
- Brand impersonation: Misuse of a company’s brand by threat actors could lead to social engineering attacks. For example, if someone posts on a bank’s social media channels requesting help with an issue, a fake account that impersonates the bank could reach out to the customer, then ask for access information that would enable attackers to log into the user’s account, bypass MFA and access funds.
- VIP impersonation: Attackers can also impersonate executives or other “VIPs” within an organization as a means of tricking customers or employees into handing over sensitive information. While this is a less common occurrence, it’s still an important risk to manage, especially in the BSFI sector.
- Fake job ads: Fake job ads appear when threat actors pose as recruiters at major companies, then reach out to job seekers in a bid to steal their personal information. ERMM alerts businesses to ads for fake jobs at their companies.
- Emerging third-party risks: Sometimes, a risk emerges within a partner or vendor organization, but the organization doesn’t disclose it fast enough for impacted businesses to take action. ERMM helps here by reporting issues faster than third parties publish them, enabling continuous third-party risk monitoring and immediate rectification.
How to Maximize the Impact of ERMM
All ERMM solutions deliver visibility into external risks. However, to get the most out of ERMM, look for an offering that does more than just list risks. The solution you choose should also help you understand and react to risks as efficiently as possible by providing the following capabilities.
Continuous Risk Detection & Prioritization
The best ERMM solutions prioritize risks by using Attack Surface Management (ASM) to assess a business’s digital footprint, then determine the extent to which a given risk can harm the business based on the types of assets and digital services it uses.
With this information, the organization can make strategic decisions about which risks to mitigate first – which is critical because in the past, “organizations have tended to focus on known, more visible facts – vulnerabilities and control failures – while neglecting threats as a factor in cyber risk assessments,” as SecurityWeek notes.
Faster Risk Response With High-Fidelity Intel
ERMM solutions should deliver high-fidelity alerts with minimum false positives. Otherwise, the threat intelligence they provide can cause more harm than good by wasting the security team’s time. A high rate of false positives “causes roadblocks for many security teams, as incorrectly flagged issues can cause organizational chaos,” Security Magazine notes.
To manage the high volume of risks they face, BSFI organizations need focused, impactful intelligence, not a firehose of minor or irrelevant risks and alerts.
Shorter Mean Time To Remediation (MTTR)
Knowing that an external risk exists is just the start of the battle. Businesses also need to mitigate the risk – and the faster they can mitigate, the lower the chances that a risk turns into a costly incident. Having the correct context speeds up MTTR significantly.
Enabling extensive investigation
ERMM should help organizations not just identify risks, but also investigate them by providing clues about threat actor activity and location. With this information, businesses can assess where stolen credentials or source code is likely to be used, or anticipate phishing or smishing attacks before they happen.
Integrations
ERMM is just one component of a comprehensive cybersecurity strategy. For that reason, ERMM tools should integrate with threat intelligence, alerting, monitoring and other security solutions to help teams assess and mobilize against threats holistically.
Future-proofing
An effective ERMM solution and strategy must address not just those risks that exist today, but also risks that might emerge in the future. This requires capabilities like monitoring additional channels where threat actors operate as those channels emerge, as well as detecting and assessing new types of risks. We’ve collected and analyzed 554 million threat intelligence items so far in 2023, reflecting just how quickly threat actors evolve their techniques.
You never know exactly what threat actors are going to do next, but an ERMM solution should be able to adapt so that you can effectively detect new attack strategies as soon as they appear.
Optimizing the impact of BSFI external risk management with Cyberint
Cyberint – which the consulting firm Frost and Sullivan named the ERMM “company of the year” in 2023 – delivers world-class ERMM capabilities that help protect businesses in the finance sector and beyond. Whether you’re a global enterprise, a small startup or anywhere in between, Cyberint provides the threat intelligence you need to identify and react to both direct and indirect risks, allowing you to block threats before they harm your business.