IT Security Guru

Financial Sector needs to tackle Cyber Resilience

by The Gurus
August 18, 2015
in Editor's News

Auriga Consulting Ltd (Auriga), the expert data, ICT and security consultancy, today warned that an overemphasis on defence is leaving the financial sector exposed to cyber attack. An increase in threat levels has seen the sector bolster defences by focusing on detection and attack response, but recovery remains a fragmented process with little investment in Cyber Resilience. Cyber Resilience uses threat intelligence and existing internal resource to enable the organisation to cope with the inevitable: a successful attack. Auriga has identified five key points of failure that are preventing organisations from implementing an effective Cyber Resilience strategy. Top issues include board level engagement, the sharing of information, interdepartmental communication, roles and responsibilities, and the testing of incident response, all of which are key to aiding recovery.
Statistics suggest the likelihood of a breach is increasing. Attacks being carried out against the financial sector are said to number 3:1 compared to other industries, and 585 breaches were investigated by the Information Commissioner’s Office (ICO) last year. Cyber attack simulations and the pooling of threat intelligence have improved the security stance of many financial organisations, but few have demonstrated effective Cyber Resilience, which would enable the business to recover and resume normal business operations in the event of a breach.
Auriga’s warning echoes those expressed by The Bank of England in the recent Financial Stability Report (FSR) issued 1 July 2015, which identified the need for financial organisations to adopt a state of readiness to facilitate rapid recovery. The Financial Policy Committee has revised its recommendations in line with the FSR, calling for regulators to conduct “a regular assessment of the resilience to cyber attacks of firms at the core of the financial system”, with a report on the outcome of these assessments due to be published in summer 2016.
Financial sector organisations stand to benefit by addressing the issue of Cyber Resilience today by reviewing current practice. Auriga has identified the following five potential points of failure that hamper recovery efforts:
Five Points of Failure

  1. Restricting information – Information is the lifeblood of effective threat intelligence. But while many organisations will have threat intelligence channels, with some even having dedicated threat intelligence teams, the way in which information is handled across the business is seldom examined. Information has to be diffused if it is to be effective; therefore processes need to be in place to ensure information flows via threat handling agents and out into the arteries of the business.
  2. Static roles – Management of cyber response often falls under the remit of the CRO or CISO but many become confused over their role in the event of a breach. Should they enforce policy? Do they refer or take action? How should they cooperate with other departments? Allocate roles and responsibilities but also detail how these may change in different scenarios.
  3. Outsourcing because of ignorance – A recent consultancy survey found only 41 percent of the 450 senior risk management respondents surveyed felt they had the skills needed to understand the impact of multiple digital technologies. Consequently, they sought external assistance from fraud experts and even hackers. Supplementing in-house knowledge by importing expertise is advisable, but be wary of who you approach and be clear on your objectives.
  4. Shopping for scenarios – Avoid off-the-shelf scenario planning or ‘playbooks’. A playbook provides a plan on how the organisation will respond to and handle a given situation. Typically there will be a different playbook or contingency plan for each different attack scenario. These should be developed in-house and specific to the company, its individual line of business and corporate structure, and aligned with the security policy.
  5. Untested Incident Response – Most organisations will have an Incident Response (IR) plan, but surprisingly few are put to the test. Stress bust testing can reveal bottlenecks created by communication issues and lengthy response times. Consider also how far the IR goes. Does it go beyond the IT team and involve the legal and corporate communications teams, for instance? How will recovery be aided both internally and externally by these teams?

“The financial sector is being subjected to an unprecedented number of attacks, across numerous vectors, motivated by a variety of intentions. Fending off every attack is simply not possible and yet the emphasis is continually placed solely on investing in more generic security protection based solutions; more emphasis needs to be placed on detection and response. There is a big difference between implementing good security countermeasures and implementing the right security countermeasures. Cyber attacks affecting your industry and organisation must inform your Cyber Defences” said James Henry, UK Southern Region Manager, Auriga. “The BoE has focused the spotlight on the need to facilitate rapid recovery and every financial organisation can increase its security stance exponentially by improving Cyber Resilience. It is possible to improve cyber ‘readiness’ with clear guidance on the roles and responsibilities of relevant departments. Financial organisations need to put in place these processes and procedures to cope with the inevitability of a successful attack, ensure prompt detection and to aid swift recovery.”

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic
