As you read in part one of this blog, cybersecurity threats have never been greater. It is imperative that your financial services organization is prepared to detect and combat even the most sophisticated cyber-attacks. Cybersecurity month brought this issue top of mind for so many in the financial services world, and now it is time to put the information into action.
Last week we started discussing the five-point strategy to bolster cyber resilience. We walked through the first two points: Secure by Design and Zero Trust. Now let’s jump into the final three elements of this strategy.
#3) Third Party Cyber Risk Assessment
As financial services firms continue to strengthen their cyber resilience, cyber threat actors have been working hard to identify vulnerabilities both internal and external to the firm to gain access to financial data. Most financial services firms have a large ecosystem of partners (customer service, software development, equipment providers, media and internet marketing, etc.) external to the firm, who augment the firm’s products and services with their own and/or play a critical role in developing, deploying, or maintaining the firm’s products and services. These ecosystem partners are all connected to the firm’s network, have access to critical financial data, and are expected to comply with the firm’s risk and compliance policies. Our research has identified that “70% of Financial Third-Party Vendors have Unacceptable Compliance to Regulations” and “do not have a focus on Insider Threats and Patching”.
Cisco’s Third-Party Security Assessment Program provides financial services firms with proactive services to validate the security posture of the firm’s third-party vendors and gives each vendor direction for improving its systems and processes, including relevant training and certification support.
#4) Security Awareness Training (Employee Training)
It’s become evident that, often, the weakest link in many cybersecurity defenses is people. In fact, according to the 2019 Gartner Magic Quadrant for Security Awareness Computer-Based Training, “People influence security more than technology or policy and cybercriminals know how to exploit human behaviors.”
So, while technology continues to evolve, the human element will always be the most unpredictable variable to secure. In order to fortify against people-enabled losses, financial services firms are turning to security awareness and training programs. Recent events have highlighted an increased need for security awareness, as the transition to a remote workforce has unveiled new, targeted threats that employees must detect on their own.
Cisco Security Awareness is designed to help promote and apply effective cybersecurity common sense by modifying end-user behavior. Using engaging and relevant computer-based content with various simulated attack methods, this cloud-delivered product provides comprehensive simulation, training, and reporting so employee progress can be continually monitored and tracked, an important part of compliance standards such as HIPAA and GDPR.
#5) Cyber Insurance
Financial services firms are at huge financial risk when a data breach occurs. To protect themselves from such an eventuality and in light of the emerging advancement in data theft and manipulation threats, it is imperative that they protect themselves with cyber insurance. Aside from providing financial cover, these cyber insurance providers also provide their customers with advanced notification of threats. Cisco is part of an industry-first offering partnering with Apple, Aon, and Allianz to bring together the key pieces needed to manage cyber risk: security technology, secure devices, cybersecurity domain expertise, and enhanced cyber insurance (select markets only).
It is evident that there has never been a more pressing time to evaluate your cybersecurity strategy. Once you walk through the five points above, here is one final checklist to ensure you are maximizing your cybersecurity strategy.
For a financial services firm to have a robust cyber resilient strategy:
- The cybersecurity practices of their third-party partners, as well as their own, have to be regularly reviewed, audited, and continuously enhanced.
- There must be a security-first mindset from the CEO down to every employee and partner in the organization.
- Employee awareness and training sessions on cyber hygiene best practices must be held regularly to prevent exploitable vulnerabilities and help minimize the impact of any data breach.
- Firms must collaborate with financial services industry participants to share learnings and best practices and to develop industry-wide cyber resilience strategies.
Take these tips and the five-point cyber resilience strategy above to ensure that you are doing everything you can to secure your financial services organization.