INDUSTRY WATCH
IN 2018, THE FINANCIAL
CONDUCT AUTHORITY
REPORTED THAT
THE NUMBER OF
CYBERATTACKS AGAINST
FINANCIAL SERVICES
COMPANIES HAD RISEN BY
MORE THAN 80%.
I
n 2018, the Financial Conduct
Authority reported that the number
of cyberattacks against financial
services companies had risen by more
than 80%. So, why are attacks up when
most of the financial sector has been
working hard and spending lots of
money on cybersecurity? Yes, the threats
are greater and our environments are
more complex, but maybe we’ve been
spending the money on the wrong things.
Surprisingly, maybe the best place to
start is with the basics.
Financial services organisations still find
it difficult to demonstrate strong control
over their enterprise cyberhygiene and
thus effectively remediate cybersecurity
risks. This is because the bigger the
company, the more challenging it is
to maintain these ‘basics’, such as
identifying IT assets, updating software,
patching it, operating standard controls
and educating users. However, given
that addressing this issue of enterprise
cyberhygiene could stop the majority of
all threats, it needs to continue to be a
key focus for financial services security
teams around the globe.
Back to the basics
Why is it that industry has been trying
to solve the basics of security for literally
decades? They are still dealing with
too much access, code vulnerabilities,
www.intelligentcio.com
system patching, etc. And it’s not like
they haven’t been trying. In fact, many
of them have been trying so hard, to no
avail. It’s so easy today to get caught
up in the latest threat, the latest article
the Board flags and play the whack-a-
mole game in security. Not only is this
inefficient but it takes their eyes off the
real problem – enterprise cyberhygiene.
Additionally, they seem to have more and
more people wanting to challenge, audit,
or review their cybersecurity posture,
especially those in the financial sector.
Does having audit, regulators, second
line of defence, vendors and partners
constantly testing their security interfere
with normal operations?
Every day there are new and advanced
security tools hitting the market which
are designed to help solve the problem;
but then why are the numbers of
breaches continuing to rise? No one can
give up and say it’s just a battle that
cannot be won. Yes, it’s natural to be
attracted to new shiny balls – the super
technical security risks. And yes, these
risks are real, but does focusing on them
really provide the best ROI for security?
Ultimately, most problems are arising
from bad actors taking advantage of very
basic flaws in the security ecosystem.
This article will focus on how those who
work in financial services security teams
INTELLIGENTCIO
75