Concern about increasing cyber threats has become a boardroom issue in the financial services sector, and employee training is an area for improvement too, according to a recent report.
Computer Weekly has revealed chief information security officers (CISOs) from the finance sector have identified employee training and regular reporting to boards as essential to improving cyber security practices. The finance sector has also identified infrastructure upgrades and network defence as top priorities followed by breach prevention.
The magazine was using responses from a poll undertaken by the Financial Services Information Sharing and Analysis Center (FS-ISAC) to reveal that while cyber security used to be handled by the IT team in the server room, it is now a boardroom topic. And while CISOs used to report to the board on a quarterly basis, the report recommends a move towards more regular reporting and getting non-technical staff up to speed on security risks and effective defences.
In terms of employee training, the report urges the finance sector to improve employees' knowledge of the perils of downloading and executing unknown applications on company networks and devices, while also encouraging them to report suspicious emails and attachments.
With security an increasing concern for financial institutions, the role of the CISO has been thrust into the organisational spotlight.
The FS-ISAC report came hot on the heels of another one undertaken by our virtualisation partner, VMware. This was UK focused and revealed IT security professionals in financial services firms were losing the battle to keep vital data safe against a rising tide of cyber threats, with 90% of respondents stating they have had to make compromises which could leave other areas exposed when protecting their organisation against cyber threats.
The report highlighted a need to balance financial organisations’ rapid digital transformation and the ensuing flaws that are ripe for exploitation with stringent cyber security practices and, crucially, for leadership teams to buy into this and to understand the complexity of the cyber threats they are facing.
Richard Bennett, European head of accelerate and advisory services at VMware, said: “This involves understanding that cyber security does not begin and end with IT, but is a challenge for the whole organisation. It is also about recognising that adaptive networking, applications and systems are no longer nice-to-haves, and that cyber hygiene is intrinsic to a company’s digital footprint today.”
While much of this concern is aimed at banks, we believe the financial services industry as a whole should be concerned. In fact, any business or organisation that holds client personal or financial information needs to get cyber security on its agenda and keep abreast of the protection and education it needs.