Is there an answer to the onslaught of cyber attacks faced by financial services firms?

Shannon Simpson, cyber security and compliance director at Six Degrees, suggests an outsourced approach as one way to address security challenges Addressing the cyber attacks faced by financial services firms? image

Financial institutions are under siege, falling victim to cyber security attacks 300 times more frequently than businesses in other industries. The growth in volume and sophistication of cyber-threats, combined with tightening regulations, mean that financial institutions are having to step up their security postures significantly.

Meeting contemporary cyber-threats head-on requires a high level of staff awareness and training, along with well-defined processes and sophisticated security systems that need to be closely monitored and managed. In addition, financial institutions deal with highly confidential data that needs to be stored and managed securely and in a compliant manner without unduly impacting on agility and business as usual (BAU) requirements.

This is no small task. When it comes to prioritising and strengthening cyber security, one logical approach that may just be the answer for many financial institutions without the skills or the depth of resource to manage their security posture is to work with a partner that has the right combination of technology and services.

Under the radar cyber attacks costing financial services firms $924,390

EfficientIP’s DNS Threat Report reveals an alarming 57% rise in the cost of cyber attacks for financial services firms

But where to start, and what to look for?

Financial institutions are increasingly looking to work with technology partners that can deliver the full spectrum of IT managed services and support. Evolving cyber-threats are forcing managed service providers to re-evaluate their security offerings, which is leading to improvements in the outsourced security options available to financial institutions.

Seven in ten FTSE 100 companies are not ready for the next major DNS attack, says study

A report reveals that 68% of the top 50 companies listed in the Fortune 500 are not adequately prepared to be taken off the Internet by a targeted traffic-lead approach

However, not all technology partners are equal when it comes to financial institutions’ unique needs. Here are five considerations that businesses in the finance sector can take before outsourcing their cyber security function.

  1. Choose a technology partner that can provide support throughout the security journey. The right technology partner should support the organisation, from initial advice on what needs to be done, through the implementation of best practices to compliance testing and remediation. They should help to identify gaps in people, processes and technology, and help to test against vertically-aligned compliance regimes.
  2. Ensure that the prospective technology partner is vertically aligned. Every sector has its own unique security requirements and technology drivers. This is especially true in the finance sector, where technology providers will be expected to engage with investors and support with any engagement needed with regulatory bodies.
  3. Establish a security posture in relation to peers. Many financial institutions find it beneficial to benchmark their security posture against their peers, especially at board level. Depending on whether it’s relevant for a financial organisation, it’s important to ensure that the work undertaken with a technology partner has the ability to provide this information.
  4. Build a picture of cyber security risk and maturity and make better business decisions. Look for a technology partner that will help to continuously make prioritised, actionable cyber security decisions to improve business resilience, while adapting to emerging business objectives, changing technology and the evolving threat landscape. Remember that this partner will be a third party supplier and will present a risk. Any organisation’s risk management processes should be robust enough to determine whether risk is reduced or increased by the use of a third party based on the data and access in question. A good partner will help with this.
  5. Check security accreditations. It should go without saying, but when it comes to security a technology partner should practice what they preach. ISO 27001 and Cyber Essentials Plus are a minimum (though the scope of these certifications should be checked), PCI DSS (if credit card data is involved) and PSN Service Provider (public sector) are mandatory in their respective fields. However, it’s more important to check firsthand – ask to see recent penetration test results, network designs, security policies and physical sites.

Hardening the security posture of a financial institution and guarding against cyber-threats can be made significantly more straightforward by working with an experienced technology partner. Choosing the right one requires appropriate diligence, and this is especially true for financial institutions dealing with unique pressures from investors, regulatory bodies and ever more cunning and resourceful cyber criminals. It may seem onerous, but making the right choice of a partner means being equipped with what is needed to tackle today’s cyber-threats head on.

Written by Shannon Simpson, cyber security and compliance director at Six Degrees

The Open Banking initiative: One year on — what’s changed and what can we expect?

Open Banking — happy birthday! But have you had the impact many thought you would? No, but you’ll be walking and even running soon

Latest news

divider
News
Wirex and Elliptic unite in new approach to fight cryptocurrency fraud

Wirex and Elliptic unite in new approach to fight cryptocurrency fraud

24 May 2019 / Borderless payments platform Wirex and cryptocurrency compliance provider Elliptic, have strengthened their collaboration in order [...]

divider
News
Intelligent data pipelines partnership revealed by Databricks and Informatica

Intelligent data pipelines partnership revealed by Databricks and Informatica

24 May 2019 / The intelligent data pipelines collaboration will enable customers to quickly ingest data directly into a [...]

divider
Cybersecurity
Is your company spending enough on their cyber security budget?

Is your company spending enough on their cyber security budget?

24 May 2019 / Cyber security should be, if it isn’t already, at the very top of budget spending [...]

divider
Events
Data Leadership Summit: 12 months on – how GDPR influenced business

Data Leadership Summit: 12 months on – how GDPR influenced business

23 May 2019 / Reflecting on the past 12 months in a panel discussion this morning, Neil Currie, head [...]

divider
Digital Transformation
Digital transformation remains impossible without solving the WAN problem

Digital transformation remains impossible without solving the WAN problem

23 May 2019 / For the last few years, digital transformation has become a major rallying cry for organisations [...]

divider
Case Studies
Fitbit: from start-up to global health phenomenon

Fitbit: from start-up to global health phenomenon

22 May 2019 / Fitbit was founded 12 years ago by Eric Friedman, the current CTO and James Park, [...]

divider
Business Skills
AI and machine learning driving skills revolution in business intelligence

AI and machine learning driving skills revolution in business intelligence

22 May 2019 / An explosion in the growth of emerging technologies such as AI and machine learning is [...]

divider
Data Analytics & Data Science
Making an organisation data literate: Jason Teoh from Openreach, part of BT, talks to Information Age

Making an organisation data literate: Jason Teoh from Openreach, part of BT, talks to Information Age

22 May 2019 / We run the “UK’s digital network business” says Jason Teoh, when he spoke to Information [...]

divider
Data Analytics & Data Science
New report highlights issues around productivity in data science and analytics

New report highlights issues around productivity in data science and analytics

22 May 2019 / Tens of millions of data workers face productivity woes as complexity grows in data science [...]

Do NOT follow this link or you will be banned from the site!

Pin It on Pinterest