Is there an answer to the onslaught of cyber attacks faced by financial services firms?

Shannon Simpson, cyber security and compliance director at Six Degrees, suggests an outsourced approach as one way to address security challenges

Financial institutions are under siege, falling victim to cyber security attacks 300 times more frequently than businesses in other industries. The growth in volume and sophistication of cyber-threats, combined with tightening regulations, means that financial institutions are having to step up their security postures significantly.

Meeting contemporary cyber-threats head-on requires a high level of staff awareness and training, along with well-defined processes and sophisticated security systems that need to be closely monitored and managed. In addition, financial institutions deal with highly confidential data that needs to be stored and managed securely and in a compliant manner without unduly impacting on agility and business as usual (BAU) requirements.

This is no small task. When it comes to prioritising and strengthening cyber security, one logical approach that may just be the answer for many financial institutions without the skills or the depth of resource to manage their security posture is to work with a partner that has the right combination of technology and services.

But where to start, and what to look for?

Financial institutions are increasingly looking to work with technology partners that can deliver the full spectrum of IT managed services and support. Evolving cyber-threats are forcing managed service providers to re-evaluate their security offerings, which is leading to improvements in the outsourced security options available to financial institutions.

However, not all technology partners are equal when it comes to financial institutions’ unique needs. Here are five considerations that businesses in the finance sector can take before outsourcing their cyber security function.

  1. Choose a technology partner that can provide support throughout the security journey. The right technology partner should support the organisation, from initial advice on what needs to be done, through the implementation of best practices to compliance testing and remediation. They should help to identify gaps in people, processes and technology, and help to test against vertically-aligned compliance regimes.
  2. Ensure that the prospective technology partner is vertically aligned. Every sector has its own unique security requirements and technology drivers. This is especially true in the finance sector, where technology providers will be expected to engage with investors and support any engagement needed with regulatory bodies.
  3. Establish a security posture in relation to peers. Many financial institutions find it beneficial to benchmark their security posture against their peers, especially at board level. Where this is relevant to the organisation, it's important to ensure that the work undertaken with a technology partner can provide this information.
  4. Build a picture of cyber security risk and maturity and make better business decisions. Look for a technology partner that will help to continuously make prioritised, actionable cyber security decisions to improve business resilience, while adapting to emerging business objectives, changing technology and the evolving threat landscape. Remember that this partner will be a third-party supplier and will present a risk. Any organisation’s risk management processes should be robust enough to determine whether risk is reduced or increased by the use of a third party based on the data and access in question. A good partner will help with this.
  5. Check security accreditations. It should go without saying, but when it comes to security a technology partner should practise what they preach. ISO 27001 and Cyber Essentials Plus are a minimum (though the scope of these certifications should be checked), while PCI DSS (if credit card data is involved) and PSN Service Provider (public sector) are mandatory in their respective fields. However, it’s more important to check firsthand – ask to see recent penetration test results, network designs, security policies and physical sites.

Hardening the security posture of a financial institution and guarding against cyber-threats can be made significantly more straightforward by working with an experienced technology partner. Choosing the right one requires appropriate diligence, and this is especially true for financial institutions dealing with unique pressures from investors, regulatory bodies and ever more cunning and resourceful cyber criminals. It may seem onerous, but making the right choice of a partner means being equipped with what is needed to tackle today’s cyber-threats head on.

Written by Shannon Simpson, cyber security and compliance director at Six Degrees
