6 Cyber Security Tips for Financial Institutions
Cyber criminals are becoming more sophisticated in their attacks, with more breaches being reported than ever before. Now is the time to take action and safeguard your sensitive data with our 6 top tips for Financial
By Jamie Ritchie
The increase in the number and sophistication of cyber-related attacks has raised awareness and highlighted the need to strengthen cyber security controls. The number of data breaches reported by UK financial services firms to the Financial Conduct Authority (FCA) increased 480% in 2018, to 145 up from just 25 in 2017*, according to research from RPC, the City-headquartered law firm. Some of the breaches reported by financial institutions involved phishing, malware, unpatched systems, denial of service attacks, and weaknesses in the management of third-party service providers.
Whether as a direct result of cyber security attacks or because of new regulations, financial institutions should reassess their security posture and make every effort to implement strong security controls in order to safeguard sensitive information, maintain compliance with laws and regulations, and manage risk.
“Until you have experienced something like this, you don’t realise just what can happen, just how serious it can be.”
“I had no intuitive idea on how to move forward.”
Maersk CEO Soren Skou on how to survive a cyber attack – Financial Times, 14th August 2017
“Companies spend millions of dollars on firewalls, encryption and secure access devices, and it’s money wasted; none of these measures address the weakest link in the security chain.”
– Kevin Mitnick, “The World’s Most Famous Hacker” – Fix Global 18th April 2017
“There’s no silver bullet solution with cyber security, a layered defence is the only viable defence”
– James Scott, Senior Fellow, Institute for Critical Infrastructure Technology
The following are a few tips for improving your organisation’s Cyber Security posture:
Assess the risk: Perform a Security Risk Assessment to identify weaknesses and vulnerabilities and to assess threats and attack vectors. The risk assessment will help you determine the inherent risk profile of your organisation and develop a strategy for implementing security controls that enhance your security posture. Performing a risk assessment is an essential part of building and maintaining a strong security program.
Define security controls: Develop a strategy that defines control objectives and establishes an implementation plan. The security strategy should include:
- Appropriate consideration of prevention, detection and response mechanisms
- Implementation of the least permissions and least privilege principles
- Layered controls that establish multiple control points between threats and organisational assets
Perform periodic audits: Audits are not only good practice; they help identify weaknesses in IT controls. They are important for ensuring that security controls are working effectively and that security policies comply with applicable standards, laws and regulations.
Implement security monitoring: Continuous monitoring ensures the continued effectiveness of all security controls. Robust security monitoring will also help enhance your Incident Response capabilities.
Develop strong service provider security oversight:
- Determine if service providers’ contracts contain security requirements that at least meet the objectives of your information security program.
- Develop a Security Risk Assessment questionnaire and make it a requirement for every service provider connecting to your infrastructure.
- Ensure the service provider has implemented a security program and that adequate controls, commensurate with the risk, are in place.
Follow the guidance:
- Make examiners and auditors happy by developing your security program in line with the appropriate guidelines.
- For further detail and examples of good and poor practice in data security, see Chapter 5 in Part 1 and Chapters 6 and 10 in Part 2 of the FCA’s documents “Financial Crime: A Guide for Firms Part 1” and “Financial Crime: A Guide for Firms Part 2”.
Get ahead… be familiar with the FCA Data Security standards and speak with your IT provider to understand how your organisation is adhering to them.
Following these guidelines will help you fortify your organisation’s security program. We know from experience that this is not a simple task; it requires strategic planning, time and resources to build, implement and maintain a strong program. By working in partnership with a trusted security partner like SR Cloud Solutions, you are already on the path to confidently assessing, developing, implementing and/or enhancing your cyber security program.