2. Reassess communications with management
The relationship between cyber security and management is also moving centre stage for regulators. That looks problematic for many financial services organisations: in EY’s GISS, more than half (57%) of the sector’s CISOs complain they are not consulted in a timely fashion over strategic decisions that the organisation makes.
The challenge for the year ahead is to build structures that ensure cyber security is able to play its key strategic role – to ensure the organisation’s leadership understands risk so that it can make informed business decisions. How can you use solutions such as Tanium’s cybersecurity reporting tools to build a data-driven story to take to the board? Does your organisation even have a policy setting out its appetite for cyber risk?
3. Invest in detection alongside prevention
The changing attack landscape – including the increased sophistication of attackers now using machine learning and artificial intelligence tools – makes it imperative for financial services businesses to invest anew in their detection capabilities. Solutions such as Tanium’s endpoint management security platform, which monitors every endpoint for risk and threat, and automates the response, will prove invaluable.
Good IT hygiene is crucial for every organisation, and the focus on prevention makes sense – but this work alone is not enough. In EY’s GISS, 53% of financial services CISOs conceded they did not know whether their defences were strong enough to prevent cyber attackers with new strategies breaking through.
4. Get on top of SWIFT’s requirements
Is your organisation compliant with SWIFT’s latest Customer Security Programme requirements? The payments network set the end of 2021 as its deadline for compliance based on an independent assessment, so bedding down new arrangements will be an important focus in the months ahead.
The current regime includes 22 mandatory controls and a further nine advisory controls, as well as requiring an independent assessment that this work has been done. Again, tools such as Tanium’s reporting functionality will prove valuable.
5. Don’t assume the ransomware boom has peaked
An explosion in ransomware attacks has been one of the big stories of 2021, and while financial services organisations have defended themselves relatively well against this threat, the danger is not over. With ransomware software now widely available to a broad range of attackers, and with hackers industrialising their code, 2022 is likely to see a further increase in these attacks.