MFA-Powered Microsegmentation For Financial Services
Financial Services companies must protect customer data needs — including sensitive financial information. As a result, regulations designed to ensure the protection of customers using financial services continues to evolve and become more stringent, making it difficult for financial services companies to stay compliant with all relevant regulations.
DORA, NIS2, and — most recently — the NY Department of Financial Services (DFS) Regulations outline thorough requirements for banks and financial services organizations with over $1 billion in annual revenue. This includes the requirement to implement segmentation and multi-factor authentication (MFA) in their cybersecurity strategy.
According to the DFS Guidance for MFA, some of the most common violations to their cybersecurity regulations include:
- Legacy systems that don’t support MFA
- Lack of MFA for remote access to key applications
- Lack of MFA for third parties that have access to sensitive information
- Lack of MFA for privileged accounts
The purpose of such strict regulations for MFA is to prevent lateral movement, which is one of the most basic and common tactics that attackers use to spread ransomware and access sensitive data. Most cyberattacks — even when they don’t make the news — follow the same basic plot. It almost always starts with machine compromise, followed by recon, exploitation of a vulnerability and then a host of other tactics to move laterally and cause damage.
Luckily, this order of operations relies on a single basic assumption: the compromised machine will have direct network line of sight to other machines that the attacker can damage and steal information from. In other words, to stop attacks we need to stop lateral movement. This is where MFA-powered microsegmentation comes in.
Zero Networks makes MFA-everywhere easy and scalable. Financial Services customers, with over $1B in annual revenue, are 35% of our customer base and growing. From ease of deployment to integration with existing IT systems, Zero Networks is your one-stop solution to stay compliant with cybersecurity regulations — including MFA-everywhere — while successfully and effectively keeping your organization safe from attackers.