Cyber Defense eMagazine February 2021 Edition

More documents

Recommendations

Info

Credit Cards, Cash and Compliance, Oh My! Eliminating Audit Fatigue in The Financial Services Sector By Steve Horvath, Vice President, Strategy & Cloud, Telos Corporation When we think of our finances, we think of them as a responsibility – a commitment to ensure payments are submitted on time, and our credit score is where it should be. We often don’t think of how cybersecurity and compliance fit into the picture, at least beyond credit card breaches or financial fraud. The reality is, as cybersecurity threats become increasingly more sophisticated – and the financial services industry seemingly more complicated – financial organizations need to put a renewed focus on compliance activities. According to recent research, organizations are spending over $3.5M each year on compliance activities. This figure increases to over $4M in the financial services sector, likely due to unique regulations and procedures having to do with anti-money laundering (AML), sanctions, and more. Additionally, the financial services sector is one of the most likely sectors (58 percent) to report they need to hire more staff to cover an increasing workload. The bottom line is this: in the financial services industry, compliance is often a full-time job. Compliance activities are often synonymous with the NIST Cybersecurity Framework, which consists of standards, guidelines, and best practices to manage cybersecurity risk. While this framework provides a strong foundation for addressing compliance challenges - offering a variety of resources that can be used to align on compliance priorities - companies need to improve their approach to compliance activities in the financial sector. Here are the top 4 key considerations to bear in mind as part of a holistic compliance strategy for financial services organizations. Cyber Defense eMagazine – February 2021 Edition 42 Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.
Third-party vendor risk management programs Third-party risk is a common concern among organizations across industries, as they are entrusting other contractors to perform certain business activities for them. According to a recent global survey conducted by Ernst & Young, 58 percent of financial services firms have implemented centralized approaches to third-party risk management. Additionally, 41 percent of financial services organizations may adopt a managed services approach to third-party risk management within the next few years. As with any industry, managing a vendor’s risk is key to compliance in the financial services sector. But unfortunately, a traditional vendor evaluation often does not capture ever-evolving risks. Gartner reports that more than 80 percent of legal and compliance leaders indicate third-party risks were identified after initial onboarding and due diligence. In the same study, one chief compliance officer at a financial services organization revealed there is no question that third parties are redefining how their business competes in the new digital world. It’s clear that ensuring a risk management program for third-party vendors is in place is of utmost importance for any organization that wants to avoid undue risk and potential compliance fines. Finserv and other organizations can look to examples like Shared Assessments’ Third Party Risk Management (TPRM) Framework, which outlines fundamentals and processes to consider when building such a program – to include outsourcing analysis, contract management, monitoring, and more. Vendor evaluation Before establishing a third-party vendor risk management program, it’s important for financial services organizations to either choose NIST-compliant vendors or have some sort of compliance policies in place to create peace of mind that their partners are responsible and do not pose much risk. If you need a place to start, SecurityScorecard advises setting an assessment scope. The process includes determining which risk criteria pose the greatest threat. One example given is a company handling payment card data. This type of company faces substantial compliance risk (particularly PCI DSS), and should therefore include compliance to this regulation in their assessment scope. Proof of compliance When you buy a home, car, or any other large asset, a contract often serves as evidence that you are the owner. This concept is not so different for financial services organizations that have to provide proof of compliance. The Financial Services Sector Coordinating Council (FSSCC) explains that Profiles within the NIST Cybersecurity Framework can be used as an assessment tool for financial institutions to evidence compliance with regulatory frameworks – a “common college application for regulatory compliance,” as they call it. Proof of compliance within the financial services industry is especially important because newer areas in play must be considered, such as facial recognition checks, two-factor authentication, social media, and other factors. This added layer of complexity is all the more reason that financial organizations need to prove they are compliant. Cyber Defense eMagazine – February 2021 Edition 43 Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.
Page 1 and 2: The 2021 Perspective - Challenges a
Page 3 and 4: Does Sunburst Have Your Confidentia
Page 5 and 6: @CYBERDEFENSEMAG InfoSec Knowledge
Page 7 and 8: Cyber Defense eMagazine - February
Page 21 and 22: The 2021 Perspective - Challenges a
Page 23 and 24: A slice of the anti-virus pie? We s
Page 25 and 26: Additionally, we saw explosive grow
Page 27 and 28: 2021 Predictions: Addressing the Ch
Page 29 and 30: About the Author Ankur is the found
Page 31 and 32: An independent study conducted by P
Page 35 and 36: The Boomers’ lack of trust in Fac
Page 37 and 38: While it’s unclear if historical
Page 39 and 40: Cyberattacks On K-12 Education Care
Page 41: About the Author Saryu Nayyar is th
Page 45 and 46: Cyber Resiliency Will Become the Ne
Page 47 and 48: About the Author Drew Daniels is th
Page 49 and 50: Phishing Threat actors are taking a
Page 51 and 52: Vulnerability Patching: Why Does It
Page 53 and 54: with any degree of efficiency is to
Page 55 and 56: the nature and its technological ou
Page 57 and 58: kind of the communication streaming
Page 59 and 60: it’s logical to realize that the
Page 61 and 62: eason they will be that hidden part
Page 63 and 64: channeling hotspots are diverse and
Page 65 and 66: Ransomware is Evolving - Agencies M
Page 67 and 68: About the Author Nick Psaki is the
Page 69 and 70: 3GPP Release 15 defines the 5G secu
Page 71 and 72: • Suppliers must prioritize cyber
Page 73 and 74: Does Sunburst Have Your Confidentia
Page 75 and 76: About the Author Randy Reiter is th
Page 77 and 78: Global Reach and Accessibility Plan
Page 79 and 80: About the Author Trevor Daughney is
Page 81 and 82: typical work environment. Public Wi
Page 83 and 84: increasingly interested in implemen
Page 85 and 86: Approach cybersecurity as an org-wi
Page 87 and 88: Are Encrypted Communication Apps us
Page 89 and 90: How SaltDNA’s platform prevents c
Page 91 and 92: are turning to new technologies lik
Page 93 and 94:
The Best Network Protection: Go Dee
Page 95 and 96:
Top Tips For Securing Your DevOps E
Page 97 and 98:
Continual Learning Is Necessary The
Page 99 and 100:
a prime target for cyber attacks. I
Page 101 and 102:
Cyber Defense eMagazine - February
Page 103 and 104:
Page 105 and 106:
FREE MONTHLY CYBER DEFENSE EMAGAZIN
Page 107 and 108:
show all

Cyber Defense eMagazine February 2021 Edition

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?