Financial services firms face surging identity-based cyber threats

With identity-based attacks rising significantly, Rate Companies shares its strategies to combat these threats using advanced AI-driven measures.

Financial services firms are increasingly facing sophisticated identity-based cyber attacks, posing significant threats to security and trust within the industry. VentureBeat has reported that the financial services sector is grappling with exposure exceeding $3.1 billion from synthetic identity fraud, which saw a notable growth of 14.2% over the past year, while incidents involving deepfakes have surged by 3,000%. Projections indicate this trend may continue with a further increase of 50 to 60% anticipated in 2024.

Katherine Mowen, Senior Vice President of Information Security at Rate Companies (formerly Guaranteed Rate), a leading retail mortgage lender in the U.S., has provided insights on the measures the company is implementing to combat these identity-based threats. In a recent virtual discussion with VentureBeat, Mowen highlighted that “we face some of the most advanced and persistent cyber threats out there,” stressing the imperative of proactive defence mechanisms given the increasing rate of breaches in the mortgage industry.

Rate Companies processes billions of sensitive transactions daily and therefore becomes a prime target for cybercriminals. The firm is adopting innovative measures, including AI-driven threat modelling, to protect customer, employee, and partner identities. Mowen explained, “I think that what we’re doing right now is fighting AI with AI,” as the company seeks to enhance its Defence posture in light of growing threats.

Implementing a zero-trust framework is central to Rate's strategy. The company's operations adhere to the principle of “never trust, always verify,” which is crucial when validating identities and managing access to sensitive resources. By utilising advanced AI threat modelling, Rate can monitor transactions and workflows against a backdrop of a prompt response to potential threats. Mowen noted that as the average breakout time for eCrime incidents now sits at just 62 minutes, their organisation has adopted the “1-10-60” Security Operations Centre (SOC) model, which advocates for detecting threats within one minute, triaging them in ten, and containing them within sixty minutes.

With the cyclical nature of the mortgage industry requiring the scaling of staff from 6,000 to potentially 15,000, Rate sought a cybersecurity solution that accommodates rapid changes in workforce size and licensing requirements. The company has turned to CrowdStrike’s Falcon Flex licensing model, which offers streamlined integration across multiple layers of security.

The financial institution's approach to security includes strict monitoring of identities and their access levels. Mowen elaborated on the tools they selected to facilitate this: “Falcon Identity Protection gave us visibility and control to defend against these threats." Significant enhancements were made to their systems that previously yielded excessive alerts without actionable intelligence, shifting towards a more efficient model with CrowdStrike’s Falcon Complete Next-Gen managed detection and response.

Mowen's insights underscore the necessity of having a clear and measurable strategy in place to secure cloud environments, particularly given the organisation's ongoing growth through acquisitions. As firms adapt to a rapidly evolving digital landscape, the ability to integrate systems and respond to threats swiftly is paramount.

In looking ahead to 2025, Mowen highlights that identity security will continue to be a crucial concern across various industries. She stated, “Identities are considered a weak point in many tech stacks,” emphasising that attackers are continuously refining their techniques to exploit such vulnerabilities. The use of AI-driven defences, alongside established frameworks of continuous verification and least privileged access, will be essential in safeguarding assets against the evolving cyber threat landscape.

As these technologies advance, finding effective methods to automate responses and alleviate analyst workloads will be paramount for cybersecurity teams. Rate Companies’ experience demonstrates how adopting AI in conjunction with human expertise can strengthen the effectiveness of security measures, shaping a robust response to the challenges posed by increasingly sophisticated cyber threats.

Source: Noah Wire Services

More on this