Cybersecurity Awareness: The Gift That Keeps on Giving

Just in Time For The Holidays

In the wake of the many highly publicized data breaches in 2014, our clients have reached out to us for advice and guidance in an effort to increase the overall awareness of Cybersecurity risk within their respective organizations. Many of these clients are seeking comprehensive training and a robust framework and methodology to conduct Cybersecurity Risk Assessments on a targeted and/or enterprise basis.

The Gift of Cybersecurity Awareness

In early 2014, FINRA and SEC regulated firms caught a glimpse of regulatory focus in the form of targeted examination “sweep” letters focused on Cybersecurity. Although these letters raised awareness of regulatory focus and concern regarding Cybersecurity within the Broker-Dealer and Investment Adviser communities, most firms are still “in the dark” in terms of how they should conduct internal Cybersecurity Risk Assessments and ensure they are meeting regulatory expectations if and when tasked by FINRA or the SEC to evidence their diligence in this high profile area.

Based on the risks and costs (both financial and reputational) that can result from a Cybersecurity breach, all financial services organizations, large and small, must assess the following attributes:

  1. Identification: Can your organization identify the critical processes and the data that supports your business end-to-end? Can you recognize the difference between a “breach” and an “attack”?
  2. Protection: What is your company doing to protect its critical data and the infrastructure and devices it rides on? How quickly after an incident can your company realize that something is amiss?
  3. Detection: What mechanisms does your organization have in place to detect if something is going on with critical data, and how is that detection escalated throughout the firm?
  4. Response: How is your organization prepared to respond when Cyber incidents are detected?
  5. Recovery: How will your organization recover from a Cyber incident? How will your company keep its good name intact, at reduced risk, and get quickly on the mend?

Vendors and Business Partners

In addition to the items discussed above, organizations must consider the impact of their vendors and business partners in their Cybersecurity awareness efforts. When we look at many of the high profile breaches that occurred in 2014, service providers to the companies we do business with were the targets of a significant portion of these attacks.

How Do We “Attack” the “Attacks”?

Through our ongoing efforts to provide thought leadership and impactful guidance to our clients, we have spent a significant amount of time and resources contemplating the best ways for firms to assess Cybersecurity threats within their respective organizations. Based on our research, we have determined that one of the most comprehensive and current Cyber Frameworks to apply is the National Institute of Standards and Technology (“NIST”) Critical Infrastructure and Cybersecurity (“CICS”) Framework. NIST CICS addresses all of the FINRA and SEC Sweep letter requirements.

Buyer Beware!

Firms must be mindful of partnering with third-party vendors / service providers that cannot show some acceptable “criteria-based” framework, such as NIST CICS, for assessing Cybersecurity risk. Companies need the ability to look across their entire enterprise, from the board room to the shop floor, when considering Cybersecurity. Almost all we do today has some sort of Information Technology component associated with it. The NIST CICS framework helps companies recognize the scope and breadth of the task at hand.
