Cyber risk management across the lines of defense


Remember when stolen credit card numbers represented the height of sophistication in cybercrime? Those days are long gone. Now, complex, hard-to-detect attacks could bring down not just a single institution but also large parts of the internet and the financial markets.

Consequently, cybersecurity is no longer just about deflecting attackers. Today, it’s about figuring out how to manage and stay ahead of intruders that are already inside the organization.

Today’s attackers typically aren’t seeking quick results; rather, they attempt to insert themselves silently into a financial institution’s networks — probing for vulnerabilities, waiting for an opportune time to strike their targets or using their host’s trusted connections to infiltrate other unsuspecting institutions. These attacks often span several months or even years.

Organizations must respond to criminals who are constantly developing new, nefarious methods and techniques to achieve their objectives. Cybercriminals' motives vary: some want to damage the reputations or brands of their targets; others seek customers’ or clients’ sensitive information, which can be used to compromise and steal various types of assets; and still others have motives that are hard to discern.

Recent concerns about systemic cyber threats have moved cyber risk higher on the political and regulatory agenda. Following recent cyber attacks, the industry began to seriously consider the real risk that cyber attackers could disrupt larger financial systems rather than just harming individual firms. Such an attack could significantly disrupt financial transactions, halt entire markets, and undermine stability and trust in the financial services sector. This has led to a call for a better approach to addressing cyber risks, one in which cyber risk is no longer the sole concern of the information security group.

EY Omni-channel report 2015
