The cyber landscape is constantly evolving, and staying ahead of these threats is a never-ending job. Market data and risk analysis firm Thomas Murray recently hosted a webinar featuring Jason Harrell, DTCC Managing Director, Operational and Technology Risk and Head of External Engagement. The discussion centered on the most important cyber issues impacting the financial services industry and the importance of a robust cybersecurity approach.
Facing New Cyber Threats
Cyber risk is of critical importance across sectors, industries and regions, and impacts all areas of the organization, including senior management. Harrell commented on the top three emerging threats cyber professionals face today:
- Supply Chain Attacks: The financial services sector will continue to experience cyber-attacks against its third parties. Critical service providers deliver services to several financial firms and a breach of these services could create systemic impacts.
- Emerging Technology Vulnerability: The introduction of new and emerging technology may modify existing risks or create new risks that need to be identified and managed.
- Internet of Things: The seismic shift toward working from home in recent years has introduced new potential ways to breach networks. Many homes have internet-enabled devices. These devices, if compromised, could gain access to the workstations used to access the corporate network.
Enhancing Operational Resilience
In response to these threats, firms must concentrate on their operational resilience. Because breaches are inevitable, financial institutions should increase their focus on building the capabilities needed for a rapid but safe recovery. To enhance operational resilience, there is a growing need to enhance information-sharing channels between financial institutions and financial authorities. Given the increased use of third parties by financial institutions to provide financial services, these institutions must also increase the rigor of third-party and supply chain risk management.
The Quantum Quandary
What is the exposure of encryption and the impact of quantum computing? While today’s encryption methods use algorithms designed to be impenetrable for thousands of years, the quantum-based computers of the near future could break these codes in mere seconds. DTCC’s recent white paper, Post-Quantum Considerations for the Financial Industry, explores the risk of post-quantum technology and the initial steps to begin industry preparedness.
Creating A Culture of Security
Resilience involves more than the IT and business continuity organizations. Senior management needs to understand and provide a governance model that allows the organization to build its capabilities in line with financial authorities’ expectations. The best way for firms to prepare for cyber-attacks is through understanding and documenting the critical business services that institutions provide to clients, as well as the people and processes of third parties that deliver the services.
Test, Test, Test
Harrell emphasized the importance of testing by stating: “Firms should conduct scenario testing to understand the impact of severe but plausible events to critical business services, build capabilities to mitigate the impact of these scenarios, and finally test, test, test to decrease the operational friction when these events occur and increase the muscle memory of these groups to respond to these events.”