Nearly 40% of all cybersecurity breaches occur in the financial services sector. Cyber attacks range from distributed denial-of-service (DDoS) attacks to corporate account takeovers (CATO) and hacking via web applications. These attacks can result in significant losses in both revenue and corporate reputation for banks, asset managers, brokerage houses and insurance companies. The data managed in this sector is extremely attractive to cyber criminals, and attacks are only expected to grow in frequency and sophistication.
Inherently High Cyber Risk
Most financial services firms are connected to a complex web of third-party vendors, from technology service providers, communications firms and companies that handle clearing and settlement to suppliers that handle payments and other organizations that manage general data processing. In some cases, a financial entity may have multiple suppliers for the same task or function; in other cases, one supplier may be relied upon for multiple tasks. As with supply chains in other industries, third-party vendors in the financial sector pose a very real cyber risk. Each additional endpoint is a potential entryway for bad actors, and therefore poses a serious vulnerability. In addition to supplier endpoints, the financial sector must also contend with various applications and third-party software that intersect with core data streams.
Complex Risk Management Guidelines
In late 2018, the Financial Services Sector Coordinating Council (FSSCC) unveiled an industry framework, called the Cybersecurity Profile, aimed at helping financial institutions develop and maintain cybersecurity risk management programs. When the profile was introduced, Tom Wagner, Managing Director at SIFMA and Vice Chair of the FSSCC, stated: “There is no greater threat to financial stability than a large-scale cyber event, and robust public private partnerships are the most effective way to manage cyber threats.” Concurrently, the U.S. Treasury’s Office of the Comptroller of the Currency (OCC) issued third-party risk management guidelines to federal savings associations and national banks. While the FSSCC profile and the OCC guidelines are intended to help firms establish and maintain effective risk management, they are complex and can be difficult to interpret.
Supply Chain Disconnect
The complex layers of third-party suppliers within the financial sector must be carefully managed and measured. Effective cybersecurity policies need to take into account all parties involved and protect each entry point while maintaining higher-level administration over the entire organization. The ideal solution should be able to measure, forecast, monitor and regulate cyber activities throughout the organization. In addition, the solution should be able to connect the disparate parts of the organization’s technology.
A “supply chain disconnect” occurs when a solution is too complex or too costly to effectively implement or maintain. Any solution that requires impractical configurations or is difficult to deploy across third parties will not work for the financial services sector. Attila’s GoSilent technology provides CNSA Top Secret level protection at an affordable price point. It is easy to set up and use, making it ideal for third-party suppliers that may have varying levels of cybersecurity resources.