The Financial Services Information Sharing and Analysis Center (FS-ISAC) surveyed various chief information security officers (CISO) in the financial industry on some of their primary priorities when it comes to improving security for their organizations. According to the survey report, titled 2018 CISO Cybersecurity Trends, employee training was one of the top concerns for CISOs, with 35 percent of all those surveyed mentioning it as a top priority. This was followed by infrastructure upgrades and network defense at 25 percent and breach prevention not far behind at 17 percent.
The FS-ISAC classified the CISOs surveyed into two types: those who performed technical functions, such as chief information officers (CIOs), and those who performed non-technical functions, such as chief operations officers (COOs). The CISOs with technical functions tended to prioritize matters such as infrastructure upgrades, network defense, and breach prevention, while the non-technical CISOs saw the human element, that is, employee training, as a more significant issue.
The report also talked about how cybersecurity has evolved from a topic primarily dealt with by IT personnel to one that is on the minds of executives in boardroom meetings. This was reflected in the number of quarterly reports submitted by CISOs to their boards of directors, which stood at 53 percent. Furthermore, 8 percent of the CISOs surveyed went beyond the quarterly reports — some even provided monthly feedback.
The organization gave a list of recommendations for CISOs looking to build up their security posture.
Security as a Priority for Organizations
The FS-ISAC report highlights an important fact: Organizations need to prioritize security more than ever. The financial industry, in particular, is very vulnerable to attacks — from sophisticated campaigns by threat actors such as Lazarus, who were responsible for some of the more notable campaigns against financial organizations, to more simple but no less effective scams like Business Email Compromise (BEC) schemes. The past few months alone have seen a number of attacks against financial organizations, including the IcedID Trojan attacks or the more recent KillDisk attacks, which hit Latin American financial companies. Due to its size and very nature, the financial sector remains, in many ways, one of the primary targets of cybercriminals.
The security issues are not limited to the organization itself, however, as customers can also be affected. For example, attacks that compromise ATMs directly impact users and, by extension, can harm a company’s reputation and even subject it to fines and penalties.
As mentioned in the FS-ISAC report, employees are especially critical when it comes to the implementation of an organization’s security plan. Educating users on key issues can bolster the security posture of an organization, as they are both the first line of defense and typically the main point of entry for malicious activity.
CISOs, or people in charge of an organization’s security, are also increasingly becoming necessary for many organizations. Attacks such as the recent WannaCry ransomware campaign could have been mitigated with better implementation of security measures. This could be done through proper planning as well as having a dedicated CISO overseeing the organization’s security.
The harsh truth is that cybercrime is going to be more prevalent going forward. It’s time for organizations to shore up their defenses to counter malicious attacks, from the top executives of the organization down to the rank-and-file.
Organizations can start by looking into the implementation of the following security best practices that can help minimize the impact of threats:
To help CISOs combat malicious threats, organizations can look into solutions such as Trend Micro™ XGen™ security, which provides a cross-generational blend of threat defense techniques against a full range of threats for data centers, cloud environments, networks, and endpoints. It features high-fidelity machine learning to secure the gateway and endpoint data and applications, and protects physical, virtual, and cloud workloads.