Connect with us
Finance Digest is a leading online platform for finance and business news, providing insights on banking, finance, technology, investing,trading, insurance, fintech, and more. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.
FINANCE

Three areas of focus for Financial Service CISOs in 2022

Published On :

By James Mingard, Head of Retail & Finance at Maintel

Research suggests there has been a 1,300% increase in ransomware attacks on financial institutions, with the National Cyber Security Centre (NSCS) reporting that over a third of financial services firms were hit by ransomware in the last year – with attacks costing an average of $2.1 million.

Such weaponry is easily accessible to even the most junior of cybercriminals who can engage underground ransomware-as-a-service almost as easily as any everyday SaaS solution. As such there are thousands of computers scanning every internet-connected machine for vulnerabilities, and too often, they are easily found. For example, in March 2021, Microsoft revealed the exploitation of ‘zero-day’ vulnerabilities in its popular Exchange software, which was being could be used as a cypher for ransomware. The bottom line is that no organisation is safe. 

With the pandemic only increasing the number of attacks levelled at financial services, this year must see cyber threat mitigation rise to the top of board priorities – not just in terms of the potential for financial loss. In the event of an attack, the Chief Information Security Officer (CISO) will have to answer for the loss of productivity, reputation and growing consumer concern around data privacy and the raft of laws that now govern this. There are three focus points CISO’s will need to consider to ensure minimal risk and maximum preparedness in 2022. 

1 – Zero compromise on Zero Trust

If they haven’t already CISOs must adopt a Zero Trust mantra and instil this across the organisation.  As PwC puts it, ‘Start by assuming that your users are already compromised’. Least-privilege access combined with behaviour monitoring must become ubiquitous, with NCSC urging companies to choose services designed for zero trust. New services such as PAM – Privilege Access Management – will be increasingly integrated into Zero Trust solutions, where user credentials and privileges are finely honed, controlled, and audited. 

2 – Meet ‘Anywhere working’ with xDR

With the new ‘office anywhere’ working model, Endpoint Detect and Respond, which brings enormous value, must now evolve to support and secure the hybrid workforce. The evolution of the wider network fabric means that next-level eXtended Detect and Respond (XDR) solutions are really the only option. XDR is no longer a buzzword. As Forrester Analyst, Allie Mellen explains:

 ‘The evolution of EDR, optimises threat detection, investigation, response, and hunting in real-time. XDR unifies security-relevant endpoint detections with telemetry from security and business tools such as network analysis and visibility (NAV), email security, identity and access management, cloud security, and more. It is a cloud-native platform built on big data infrastructure to provide security teams with flexibility, scalability, and opportunities for automation.’    

The XDR multi-layered (but, crucially, avoiding siloing) approach has the potential to match the multi-faceted, ever-more creative attacks launched by bad actors. It is a way to uncover the unknown gaps waiting to be exploited, and new gaps brought about by new working cultures. As highlighted by the Enterprise Strategy Group, 70% of organisations reported to them that an XDR budget would be set aside within the next 12 months. Nearly one-fifth reported an existing XDR project — for example, integrating EDR and network detection and response tools. It’s clear. XDR isn’t a passing fad, it’s not even the future. It’s the solution needed here and now. 

3 – The rise of the ‘R’ 

Of course, approaches like XDR will continue to use novel applications of AI and ML to improve detection accuracy and provide a faster, more efficient incident response.  The rise of the ‘R’ or Respond will be a key differentiator and as the liabilities grow, being able to react to IOC’s – Indicators of Compromise – could mean success or failure. As research published in the Journal of Cybersecurity and Privacy explored, ‘traditional indicators of compromise may not always capture the breath or essence of a cyber security threat or attack campaign, possibly leading to false alert fatigue and missed detections with security analysts’. 

Continue Reading

Why pay for news and opinions when you can get them for free?

       Subscribe for free now!


By submitting this form, you are consenting to receive marketing emails from: . You can revoke your consent to receive emails at any time by using the SafeUnsubscribe® link, found at the bottom of every email. Emails are serviced by Constant Contact

Recent Posts