Cyber threat intelligence has become mandatory for financial institutions in Saudi Arabia to achieve SAMA Cybersecurity Framework compliance
In line with Saudi Arabia’s Vision 2030 programme, the Kingdom of Saudi Arabia (KSA) has invested heavily in digital transformation and in combating the emerging cyber threats that have come with it – particularly in its financial services sector.
Because financial services are a critical part of KSA’s digital economy, innovation, and security, the need to safeguard them has increased so that sensitive data, transactions, and support services can continue without disruption.
To help protect financial services essential to the economy, KSA and Saudi Arabia’s Central Bank, also known as the Saudi Arabian Monetary Agency (SAMA), mandated a Cyber Security Framework (CSF) regulating the cybersecurity practices of SAMA’s financial organizations.
With growing cyber risks targeting the financial sector, SAMA also recently issued a new Threat Management subdomain of the CSF and underlying Cyber Threat Intelligence (CTI) Principles in March 2022.
The CTI Principles are best practices to help financial organizations adequately implement a new age of threat intelligence, detection, and response tactics to identify and mitigate cyber threats relevant to the financial sector.
Financial organizations that successfully implement the CTI principles mandated by SAMA will benefit from actionable threat intelligence that improves visibility into their security ecosystem, provides critical data about threat actors and landscapes, and facilitates tailored defense strategies.
Most importantly, it will enable teams to respond to security incidents faster or prevent incidents from happening in the first place.
The role of cyber threat intelligence platforms in achieving compliance
While the CTI principles will improve the security posture of SAMA members, security leaders can expect a significant investment of resources to add this layer of threat intelligence, detection and response.
To mitigate the additional time and staff needed to implement the CTI principles, organizations should consider advanced threat intelligence tools that meet and support many of the principles outlined by the SAMA framework.
For SAMA financial institutions that need to scale threat intelligence capabilities quickly, cyber threat intelligence platforms like Resecurity’s Context™ accelerate analysis, prevention, and investigation workflows with lightning-fast search and data science, and contextualize threat data to make it clear and actionable.
Through cyber threat intelligence platforms, security teams can move from managing many streams of raw intelligence and false positives to leveraging a single tool that provides a one-stop shop for comprehensive threat intelligence data and real-time insights.
These platforms can also enable financial organizations to create their own cyber threat intelligence center or cyber fusion center and accelerate operations of their SOC.
Aligned to the Intelligence Lifecycle used by law enforcement and national security agencies, Context™ follows the same six-step process to provide a balanced and comprehensive threat intelligence gathering and analysis approach. In the scope of the SAMA Framework, Resecurity’s threat intelligence platform delivers:
- Actionable cyber threat intelligence and feeds related to the financial sector consumed from over 35,000 unique data points,
- Indicators of compromise (IoCs) related to online banking and e-commerce malware targeting customers in KSA,
- Proactive alerts describing new threat actors, cybercriminal groups, and their Tools, Tactics, and Procedures (TTPs) used in cyberattacks,
- Assistance and expert support with threat intelligence briefings designed by Certified Cyber Threat Intelligence Analysts,
- Human intelligence (HUMINT) services and investigative support to analyse malicious activity in depth.
Combating financial crimes and online-banking fraud
With the rise of digital banking and new financial services, cybercriminals actively target consumers to steal their funds and perform unauthorized transactions. Saudi Arabia is known as MENA’s top digital banking market with the fastest growth in digital banking.
“Saudi Arabia is one of the most attractive targets for cybercriminals operating on the Dark Web. Accordingly, we have seen many underground marketplaces selling online-banking credentials and credit card data related to consumers of major financial institutions in KSA.
“The threat of ransomware, network intrusions and targeted attacks is extremely high. This has been confirmed by a spike of relevant tradecraft used by APT groups and financially-motivated actors,” said Christian Lees, Chief Technology Officer of Resecurity, Inc.
Threat actors develop and distribute malicious code to steal online banking credentials, create fake mobile apps and intercept credit card data via fake forms and targeted phishing campaigns.
The implementation of CTI for banking and fintech aims to increase the visibility of financial institutions across the actual threat landscape and enable them to track threat actors and cybercriminal groups, their tools, tactics and procedures (TTPs) to protect their customers.
New SAMA regulations encourage banks to collect up-to-date threat intelligence data on the local and regional levels and appoint a dedicated person and a team for further collaboration.
“The framework contains recommendations on operational procedures related to Dark Web data collection and investigation of malicious activity. Specialized cyber threat intelligence vendors can fulfill SAMA’s requirements with the proper platforms and experience. Resecurity is dedicated to helping banks stay compliant and make their customers safer,” Lees said.
Cyber Threat Intelligence (CTI) is a vital component of modern cybersecurity operations. New SAMA CTI Principles regulations are an exciting step towards securing KSA’s digital economy and the financial services critical to future growth and innovation.
Accordingly, security leaders at financial institutions must adapt and leverage the latest cybersecurity intelligence and tactics quickly and at scale.
Malaysia has been referred to as a ‘quiet leader in cybersecurity’. While the Global Cybersecurity Index reported Malaysia having strengths in cybersecurity policies and international alliances, it also noted shortcomings in its cyber defense capabilities. Accordingly, the country is amping up its technical infrastructure, cyber defense skills and digital ecosystem visibility to combat the increased cyber threats that will come with its ICT growth.
“Malaysian organizations should expect to see an increased focus and requirements regarding cybersecurity and threat intelligence as the country invests in the ICT market. Specifically, this type of threat intelligence will be critical for Malaysia’s law enforcement, military and defense sectors as they also prepare for the increase of cyberattacks that will come with the country’s digitization,” said Christian Lees, Chief Technology Officer (CTO) at Resecurity Inc, a U.S.-based cybersecurity and intelligence company protecting Fortune 100 companies globally.
Today, the Malaysian government’s ICT cybersecurity laws and policies are still being drafted, revised, and reviewed to align with regional and international standards. However, Malaysian law enforcement and defense organizations are already investigating cyber threat intelligence partners that can improve detection and response time, monitor real-time cyber threats and increase visibility across their digital ecosystems.