Financial Sector needs to tackle Cyber Resilience urges Auriga

Security consultancy identifies top five points of failure in recovering from an attack
By: Auriga

Statistics suggest the likelihood of a breach is increasing. The number of attacks being carried out against the financial sector is said to be 3:1 compared to other industries, and 585 breaches were investigated by the Information Commissioner’

Auriga’s warning echoes those expressed by The Bank of England in the recent Financial Stability Report (FSR) issued 1 July 2015, which identified the need for financial organisations to adopt a state of readiness to facilitate rapid recovery. The Financial Policy Committee has revised its recommendations in line with the FSR, calling for regulators to conduct “a regular assessment of the resilience to cyber attacks of firms at the core of the financial system”, with a report on the outcome of these assessments due to be published in summer 2016.

Financial sector organisations stand to benefit by addressing the issue of Cyber Resilience today by reviewing current practice. Auriga has identified the following five potential points of failure that hamper recovery efforts:

Five Points of Failure

1. Restricting information – Information is the lifeblood of effective threat intelligence. But while many organisations will have threat intelligence channels, with some even having dedicated threat intelligence teams, the way in which information is handled across the business is seldom examined. Information has to be diffused if it is to be effective; therefore processes need to be in place to ensure information flows via threat handling agents and out into the arteries of the business.

2. Static roles – Management of cyber response often falls under the remit of the CRO or CISO, but many become confused over their role in the event of a breach. Should they enforce policy? Do they refer or take action? How should they cooperate with other departments?

3. Outsourcing because of ignorance – A recent consultancy survey found only 41 percent of the 450 senior risk management respondents surveyed felt they had the skills needed to understand the impact of multiple digital technologies. Consequently, they sought external assistance from fraud experts and even hackers. Supplementing in-house knowledge by importing expertise is advisable, but be wary of who you approach and be clear on your objectives.

4. Shopping for scenarios – Avoid off-the-shelf scenario planning or ‘playbooks’

5. Untested Incident Response – Most organisations will have an Incident Response (IR) plan but surprisingly few are put to the test. Stress bust testing can reveal bottlenecks created by communication issues and lengthy response times. Consider also how far the IR goes. Does it go beyond the IT team and involve the legal and corporate communications teams, for instance? How will recovery be aided both internally and externally by these teams?

“The financial sector is being subjected to an unprecedented number of attacks, across numerous vectors, motivated by a variety of intentions. Fending off every attack is simply not possible and yet the emphasis is continually placed solely on investing in more generic security protection based solutions; more emphasis needs to be placed on detection and response. There is a big difference between implementing good security countermeasures and implementing the right security countermeasures. Cyber attacks affecting your industry and organisation must inform your Cyber Defences,” said James Henry, UK Southern Region Manager, Auriga.

“The BoE has focused the spotlight on the need to facilitate rapid recovery and every financial organisation can increase its security stance exponentially by improving Cyber Resilience. It is possible to improve cyber ‘readiness’