Cyber security threats and preventive measures go hand-in-hand. Yet cybercrime continues to impose threats on the financial industry. Financial services firms are 300 times as likely as other companies to be targeted by a cyberattack,” according to a report by the Boston Consulting Group. These threats can arise at any time and occur through various sources (external sources such as hackers, and internal sources such as staff members and contracted employees). Some financial companies have developed action plans with steps to take if a cyber-attack strikes, but cyber security best practices also includes establishing and initiating threat prevention methods. One example of a threat prevention method is person-centered cyber training.

Statistics show that cyber threat prevention is an immense pain point for many financial companies. In a survey of 400 security professionals in financial services, it was observed that financial institutions are better at detecting and containing cyber-attacks and less efficient at preventing them. Almost 56% of financial institutions are useful in detection, and only 31% are good at prevention.

Financial services institutions must understand how to prevent cyber threats, which may require a ground-up approach.

Financial institutions can take immediate measures to engage in threat prevention methods with person-centered training. This type of training allows an IT or cyber professional to practice and hone skills by learning specific cyber lessons pertinent to the financial sector and applicable to their job role. The more upskilled the professional, the more they will be able to protect the company and company assets. A current platform that offers specific job role training is Project Ares.

Person-Centered Training with Project Ares

Circadence’s Project Ares is a browser-based learning platform designed for teaching cyber security in an engaging and hands-on applied method. This platform offers gamification and AI to train employees on the latest cyber threats and attacks. Project Ares is made up of foundational and specialized scenarios in the form of battle rooms and missions that address current cyber threats in the financial sector. The lessons within Project Ares are developed with specific job roles in mind.

For example, various scenarios are developed with the theme of a financial service, so the trainee can learn the skills needed to prepare for a cyber threat. In these specific financial missions, the trainee will learn how to disable botnets, identify and remove suspicious malware, and protect the financial institution.

  • Mission 1 – Operation Goatherd “Disable Botnet” – Acting as a cyber mission force member, the trainee will access the command and control server of a group of hackers to disable a botnet network that is designed to execute a widespread financial scan triggering the collapse of a national bank.
  • Mission 4 – Operation Arctic Cobra “Stop Malicious Processes” – The cyber trainee will analyze network traffic and stop a malicious exfiltration process.
  • Mission 5 – Operation Wounded Bear “Protect Financial Institution” – The trainee identifies and removes malware responsible for identity theft and protects the financial network from further infections.

This individual or team-based mission training delivers collaborative skill-building experiences aligned to NIST/NICE work roles, ensuring the trainee meets specific cyber competencies. This kind of immersive, hands-on training gives learners the ability to practice various forms of threat prevention, which will benefit the company’s overall security posture in the long run.

The more trained cyber professionals are for their job roles, the more likely they will be able to safeguard against threats—and take proactive measures to better prevent cyber threats. If cyber professionals are prepared and well-informed with the right knowledge and skills in their toolbox, threat prevention will be more attainable and achievable for professionals on the frontlines of defense. Professionals will be able to spot a cyber threat, but also prevent cyber threats from breaking the bank.