Bringing It Together: How Fusion Centers Drive Financial Services Resilience

Today, it’s still not lost on cybercriminals that financial services represent an often untapped goldmine of opportunity. In light of expanded attack surfaces, emerging generative AI-powered threats, evolving compliance regulations, and ongoing economic and geopolitical instability, financial cyber attacks aren’t disappearing anytime soon. With this, FSIs don’t have time to stall their processes to harden defenses — their ability to stay up and running is non-negotiable.

To address these ongoing challenges, SecOps, ITOps, and engineering teams have to adopt new approaches that call for enhanced collaboration, communication, and greater overall visibility into systems, tools, and processes to identify threats sooner and respond to them faster.

One model that’s growing in popularity is based on what is known as Fusion Centers, the strategy of bringing data together in one place so teams such as SecOps, fraud and financial crime teams, ITOps, engineering, and business analytics can work from a single source of truth to tackle rising cybercrime and become more resilient in the face of more nefarious attacks.

(Related reading: what are fusion teams?)

A More Uncertain Threat Landscape

While financial services have always dealt with their share of malicious attacks and other cybercrime, today, they face threats that go well beyond simple fraud, such as terror financing — the solicitation, collection, or provision of funds intended for terrorist acts or organizations. Also, as generative AI becomes more pervasive and accessible, financial services organizations will need to ramp up defenses for more sophisticated social engineering, phishing, and brute-force attacks that pave the way for a surge of account takeovers, enabling bad actors to infiltrate private financial accounts.

And it’s likely that continued economic uncertainty and geopolitical events will only escalate cybercrime rates. A 2022 KPMG report issued an advisory about the increasing risks, saying: “From the Russian invasion of Ukraine to general COVID-19 disruption to widespread economic uncertainty, volatility — and therefore cyber risk and insecurity — has increased at the global level.”

Governments have reacted to these threats and uncertainty by increasing oversight of financial services institutions and strengthening compliance regulations. According to a January 2023 Financial Times report, global fines penalizing financial services institutions for failing to prevent money laundering and other financial crimes rose more than 50% over the last year, while financial penalties for compliance violations are increasingly costly.

But while financial services are addressing turbulence and volatility on a daily basis, SecOps, ITOps, and engineering teams also have opportunities to reexamine reactive and siloed approaches to cyber defense, step out of their bubbles, and work more closely than ever before.

Fusion and the Future of Security in Financial Services

One possible answer to these ongoing challenges is the Fusion Center. With origins in counter-terrorism, the concept of Fusion Centers is based on the premise that by unifying people and processes, organizations can enable more effective use of data and analytics, in turn increasing visibility and communication while reducing response and remediation times.

But old habits often die hard, as the saying goes. And for many financial services organizations accustomed to working in rigid silos, this collaborative approach represents a dramatic shift — and one that’s not necessarily intuitive. Compiling reams of underlying data, alerts, notifications, dashboards, reports, KPIs, and decision-makers across organizational lines of business in one centralized location is not easy for even the most mature FSIs.

That is where a common, comprehensive platform comes in, allowing financial services organizations to achieve 360-degree visibility across their hybrid tech stacks. Among other things, a platform like Splunk can help financial services:

• Deliver innovative customer experiences faster: Financial services organizations can have peace of mind about the performance and security of consumer-facing web and mobile applications that deliver the experience customers expect. Also, by increasing visibility into third-party integrations, financial services organizations can reduce overall risk while still allowing open banking solutions to operate by business units to meet customers’ digital needs.
• Detect, prevent, and respond to security incidents and financial crime to protect organizations’ balance sheets and reputations: A unified platform can track the end-to-end digital journeys of cybercrime, using all relevant data to build risk indicators and apply risk scoring while helping multiple teams to collaboratively detect suspicious activity. For example, after using Splunk for security monitoring and incident management, Deutsche Kreditbank (DKB) accelerated threat detection and investigation by 90%, while increasing visibility across tools and environments and reducing false positives.
• And comply with evolving regulations that demand more speed, transparency, and resilience: A unified platform allows financial services institutions to set up alerts and document any defined measures on almost any kind of data for compliance audits. Western Australia mortgage provider Keystart used Splunk to centralize its view across its environment, which helped monitor compliance against security standards and reduced incident response time by 75%. By lining up data from various sources, financial services institutions can identify deviations from established risk tolerance levels and trigger automated alerts to track progress.

While using a Fusion Center model might help organizations work more collaboratively, the transformation won’t happen overnight, nor will associated tool integrations or knowledge transfers. But ultimately, the benefits will far outweigh the costs. With the help of Splunk, financial services have the opportunity to deliver innovative customer experiences, reduce cybersecurity and financial crime risks, keep digital systems up and running, and streamline compliance.

Learn more about how you can use Splunk to mitigate cyber events, reduce fraud and financial crime, and improve infrastructure integrity at our new FSI industry page.

Read about how your financial services peers are using Splunk to improve incident response, increase uptime, and become more resilient in our FSI customer e-book Banking on Resilience.