Strategies for Managing the Cyber Security Risk

By Anthony Young

The financial services industry is used to regulation, but having an effective cyber security strategy is not as simple as ticking the boxes – it needs to constantly evolve. This is especially true when organisations build competitive scale by undertaking mergers, acquisitions and increasing their third-party suppliers. Organisations need to understand the threats, regularly testing their own defences in order to best protect themselves from attack.

 

The financial services sector is an obvious target for cyber criminals because of the sheer volume of personal data that it holds, as well as the amount of money that it controls. The frequency of these attacks, or at least the reporting of them, seems to be increasing. According to the Financial Conduct Authority (FCA), reported cyber attacks on financial firms increased by 12 fold in 2018 when compared to the previous year1. Retail banking was cited as the most affected sector, with the primary cause of these cyber incidents being attributed to third-party failure, closely followed by hardware and software, and change management.

This high incidence of attacks attributed to third-parties is supported by findings from the Ponemon Institute2. It found that although many financial services organisations still develop their own software, many are becoming reliant on third-party independent vendors to deliver the latest technology. However, according to the same report, many organisations do not require third-parties to adhere to the same cyber security measures as themselves.

 
Please login or register to continue reading... Registration is simple and it is free!

About the Author

Anthony Young is a Founding Director at Bridewell Consulting, one of the UK’s leading independent cyber security companies. He has been involved in cyber security for more than 16 years, with a background in information security, governance, risk and compliance. Starting his career with a small consulting company, he joined Barclay Simpson to develop its contract information security division. Anthony founded Bridewell Consulting in 2013, and built a world-class cyber security company that focuses on customer satisfaction and long-term relationships.

References
1. https://www.computing.co.uk/ctg/news/3078272/12-fold-increase-in-cyber- crime-financial-services
2. https://www.synopsys.com/content/dam/synopsys/sig-assetsreports/software-security-financial-services-ponemon.pdf
3. https://blogs.deloitte.co.uk/financialservices/2019/05/blog-eu
-regulators-recommend-fresh-legislation-on-cyber-and-it-risk-in-the-financial-sector-.html
4.http://www.infoblox.com/wp-content/uploads/infoblox-whitepaper-sans-top-new-attacks-and-threat-report.pdf?mkt_tok=eyJpIjoiWVdZeVpXSm1ObVEyTkRVMiIsInQiOiJPeHEwbXF2YXE2Z0VPWFRyMmYrclwvTzJVa3JhTkUyTEp3VG1iVno0N0ZBUUNGV0lGWm4zUW5mNnFRamlSZTRFU3NZenFLVFhsQTFFbnhXVmt3c29Hb3d4elpLWThqOVFkRllPT3NwcFpMdU1NemI3RnU1UUlCZEt5aWVnSm5EY1MifQ%3D%3D
5. https://www.synopsys.com/content/dam/synopsys/sig-assets/reports/software-security-financial-services-ponemon.pdf
6. https://blogs.deloitte.co.uk/financialservices/2018/05/cybe

r-resilience-and-the-european-central-bank-.html

The views expressed in this article are those of the authors and do not necessarily reflect the views or policies of The World Financial Review.