Most Financial Services Institutions (FSIs) have digital technology at their core. And a primary responsibility for most FSIs is to “cyber-connect” customers – be they organizations or individuals – with their money simply and seamlessly.
FSIs need to counterbalance these speedy, frictionless transactional experiences against the thousand-pound gorilla in the room, a.k.a. cybersecurity risk.
This Deloitte article in the Wall Street Journal distills the problem well: “Amid the massive technological transformation now underway in financial services, companies are being asked to become more agile and provide a frictionless customer experience. They must also grapple with the need to reduce costs while complying with complex regulations and managing an increasingly global workforce.”
In other words, make your services super secure and super slick. Maybe that’s why the financial services industry is predicted to face cybercrime costs of £1.5bn during 2017? Or why this industry remains the biggest spender when it comes to cybersecurity?
So, let’s take a look at some of the top cybersecurity headaches plaguing FSIs right now.
Not only are new regulations, such as GDPR, coming to the fore, but existing regulatory bodies, like PCI DSS, are tightening their requirements, placing additional pressure on organizations to reassess their cybersecurity posture in line with these new requirements.
A known frustration, however, is that various regulatory bodies have conflicting requirements, intensifying a cybersecurity headache to a proper migraine.
Of course, the importance of choosing your business partners continues to be key. In short, their cybersecurity vulnerabilities are your cybersecurity headaches.
Legacy contracts need reviewing, and clear delineation of responsibilities is key. Additionally, the new GDPR regulation, which impacts companies around the world that collate and process personal information of EU data subjects, clearly shares the blame between controllers and processors, so “clever” contracts designed to shield organizations from legal responsibilities may lose efficacy.
This is the one you were all expecting to show up on the list, and you would be right. Defending against the onslaught of vicious malware strains and unauthorized access via one of the hundreds of access points into a network is a complex balancing act: availability for authorized users cannot be compromised, while the bad stuff must stay at bay.
With new devices and technology being connected to the internet, the importance of baking in cybersecurity from the get-go is key. This difficult, costly exercise is often insufficiently considered by developers at the early stages.
Managing the plethora of devices accessing FSI services, from payment systems to websites and applications, and ensuring they cannot compromise the system remains a key focus for cybersecurity leaders in the financial industry.
We would like to thank Kevin Gorsline for providing insight and expertise that greatly assisted this research.
Kevin Gorsline is a Managing Director in J.S. Held's Global Investigations Practice who joined following J.S. Held's acquisition of TBG Security. For several years, Kevin served as the Chief Operating Officer and head of the Risk and Compliance practice at TBG Security, where he was responsible for providing the leadership, management, and vision necessary to ensure that the company had the proper operational controls, administrative and reporting procedures, and people systems in place to effectively grow the organization and to ensure financial strength and operating efficiency. His experience and leadership throughout his career have been focused on developing and delivering information security services and solutions, providing outstanding client service, and driving profitable revenue growth. Kevin brings established proficiency as an IT leader with extensive experience in risk and compliance services, applications development, and implementation projects both in the United States and abroad.
Kevin can be reached at [email protected] or +1 843 890 8596.