Why HEAT attacks pose a huge risk for finserv organizations

Mark Guntrip | Oct 18, 2022

It’s no surprise that financial services (finserv) organizations have a target on their backs. Cybercriminals and other malicious actors know they work with valuable personally identifiable information (PII) and proprietary financial information that can be monetized. It also helps that these multi-billion-dollar companies likely have a huge rainy-day fund that can be tapped for ransom payments.

However, as threat surfaces expand due to digital and cloud transformation, ransom demands increase, and attacks become more prevalent, risk assessment no longer favors inaction. It’s clear that finserv organizations need to rethink their security strategies to be more proactive in stopping today’s most damaging threats, which include Highly Evasive Adaptive Threats (HEAT). This new class of cyberthreat turns the single biggest productivity tool—the web browser—into a threat vector.

Adapting to new environments

Finserv business operations have radically changed over the past three years. A new hybrid workforce has stretched threat surfaces thin, digital transformation and new customer engagement channels have moved critical information and systems out to the edge of the network and beyond, and a growing reliance on third-party partners and tools has created visibility and control complications that make it difficult to identify and stay on top of security issues. What’s the biggest problem? Security teams are struggling to keep up.

Traditional detect-and-respond strategies are no longer viable, as the speed of detection will never be able to keep up with HEAT attacks. HEAT evasive techniques include HTML smuggling, sending malicious links through unprotected channels (such as text messaging, social media, and collaboration software), hiding malicious content inside web page source code, and using benign websites to deliver sophisticated malware. Essentially hiding in plain sight, these HEAT attacks are able to trick traditional detect-and-respond security solutions into assuming they are legitimate traffic.
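As an added defender-side illustration (not code from the original post or from Menlo Security), the following Python heuristic flags the HTML smuggling pattern named above by looking for the client-side decode-to-download chain rather than any single call; the sample pages and the harmless text "payload" are constructed here for testing.

```python
import base64
import re

# Heuristic indicators of HTML smuggling (MITRE ATT&CK T1027.006): the page
# builds the file client-side from an embedded blob and triggers a download,
# so no file crosses the wire for a network gateway to inspect.
INDICATORS = {
    "base64_decode": re.compile(r"\batob\s*\("),
    "blob_constructor": re.compile(r"\bnew\s+Blob\s*\("),
    "object_url": re.compile(r"\bcreateObjectURL\s*\("),
    "ms_save_blob": re.compile(r"\bmsSaveOrOpenBlob\s*\("),
    "download_trigger": re.compile(r"\bdownload\s*="),  # a.download = ... or download="..."
}
# A long run of base64 characters is the embedded payload itself.
EMBEDDED_BLOB = re.compile(r"[A-Za-z0-9+/]{200,}={0,2}")


def score_html(html: str) -> dict:
    """Return which indicators fire and a verdict for one HTML document."""
    hits = {name: bool(rx.search(html)) for name, rx in INDICATORS.items()}
    hits["embedded_blob"] = EMBEDDED_BLOB.search(html) is not None
    # The decode -> blob -> download chain is the signature, not any one call.
    assembled = hits["blob_constructor"] or hits["object_url"] or hits["ms_save_blob"]
    chain = hits["base64_decode"] and assembled and hits["download_trigger"]
    verdict = "suspicious" if chain else "benign"
    return {"indicators": hits, "verdict": verdict}


# Constructed test inputs (not real samples). The "payload" is harmless text.
_BLOB = base64.b64encode(b"placeholder text, not malware. " * 8).decode()
SMUGGLING_PAGE = f"""<html><body><script>
var data = atob("{_BLOB}");
var blob = new Blob([data]);
var a = document.createElement("a");
a.href = window.URL.createObjectURL(blob);
a.download = "statement.pdf";
a.click();
</script></body></html>"""
LOGIN_PAGE = '<html><body><form action="/login"><input name="user"></form></body></html>'
# Large inline image: a base64 blob alone is not enough to flag a page.
IMAGE_PAGE = f'<html><body><img src="data:image/png;base64,{_BLOB}"></body></html>'

if __name__ == "__main__":
    for name, page in [("smuggling", SMUGGLING_PAGE), ("login", LOGIN_PAGE), ("image", IMAGE_PAGE)]:
        print(name, score_html(page)["verdict"])
```

The image page shows the caveat: a large base64 blob by itself is common on legitimate sites, so the check keys on the full chain to keep false positives down.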

It’s clear that there are too many ways for attackers to penetrate the network, too many vulnerabilities to plug, and too much reliance on other people or entities to make the right security decisions.

Reevaluating the focus on detection

Rethinking the way we’ve traditionally approached security—by stopping that initial breach—is the only way to prevent these attacks from occurring in the first place. Here are five things that security teams at finserv organizations need to keep in mind as they refocus on prevention to remove HEAT attacks from their list of concerns:

1. Plan your mitigation strategy ahead of time.

Having a plan in place in case of a breach is critical. You need to identify the weakest links in your security posture—whether they’re remote workers, your partner ecosystem, customers themselves, or some other threat surface. You then need to educate these stakeholders on best practices to keep the organization safe while making sure you create a recovery plan in case of a breach. Knowing that you have safeguards in place, that there’s a plan for quick recovery, and that everyone is on the same page provides peace of mind that you’re doing everything you can to mitigate an attack.

2. Push visibility and control to expanding threat surfaces.

Business today isn’t just conducted in person, on the phone, or via email. Customers engage through private applications, third-party platforms, and social media—all channels that provide little to no visibility or control. Even the channels you do control—your website, chat bot, and private applications—likely run on third-party infrastructure in the cloud, where each provider has its own set of security policies. Security teams need a new centralized security platform that breaks down these barriers and gives them visibility into applications, devices, and workloads spread across multi-cloud infrastructure. They need a platform where they can create and apply enterprise-level security controls that are reliable and consistent, yet don’t impact productivity.

3. Scale wherever you do business with a cloud-native approach.

Whether you’re a global Fortune 500 enterprise or a regional bank, your operations have spread out of the office to the edge of the network and beyond. It’s critical that your security scales with your business, providing protection wherever you do business—whether it’s an analyst logging in while on vacation, a customer making a transaction in a mobile app, or a teller checking an account balance from a branch location. This ability to scale requires a cloud-native security strategy that is flexible—able to proactively protect dynamic infrastructure spun up on demand.

4. Create, manage, and apply context-aware policies.

Blindly applying the harshest security controls to all users and entities puts unnecessary restrictions on business as usual. Tellers in a bank branch use devices that are not connected to the Internet, so it makes little sense to impose the same controls as those applied to a remote mortgage agent who uses a laptop to check third-party rates. Your security strategy should be user, device, infrastructure, and application aware—giving you the ability to apply different policies to different workloads. This starts with knowing who your users are, where they’re located, what sanctioned and unsanctioned applications they use, what they’re allowed to do, and how they’re allowed to do it. Armed with this context, security teams can apply appropriate security controls without disrupting normal business operations.

5. Acknowledge the convergence of compliance and security.

Finserv companies are the most heavily regulated organizations on the planet, but meeting compliance requirements should be more than just going through a checklist. Security teams need to work with compliance teams to know what they need to do (compliance) and how they should do it (security). Compliance needs to be baked into your preventative security strategy to ensure that you are meeting the letter and spirit of your compliance requirements.

Visibility and control are the keys to a preventative security strategy

Finserv organizations are under constant threat from HEAT attacks originating from the Internet and email. Security teams need to rethink their traditional detect-and-respond approach to be more proactive in preventing the initial breach. This requires foresight and planning, as well as a new security framework that ensures visibility and control into expanding threat surfaces.
