Our team recently attended the FS-ISAC Annual Summit. If you’re unfamiliar, that’s the Financial Services Information Sharing and Analysis Center, and it’s one of the best industry forums to learn more about the security threats facing financial services.
When people say “follow the money” it’s usually pretty good advice, and it’s something hackers have really taken to heart in their efforts targeting companies in the financial sector. As someone who managed the security and risk profiles of software assets at some of the nation’s largest financial institutions in my past life, I say that with confidence.
The industry is quickly recognizing that a more holistic security risk management strategy is a must, but there seems to be general confusion on where efforts should be focused and how to plug the holes in an organization’s security posture.
At FS-ISAC, we had a number of good discussions about the biggest challenges facing security teams in the finance world. And there were some key themes that popped up across conversations – here are some of the most notable:
Risk is the Word
The sessions focusing on “Quantifying Cyber-risk,” “Gaining Success with Intelligent Vulnerability Management,” and “Closing the Risk Management Loop with Cyber-Risk Quantification” show that cybersecurity risk has been elevated to a top business issue. This of course makes sense. With breaches a daily occurrence, the business needs to understand what its risk exposure is: “Where are my vulnerabilities, how do we remediate them and how fast?”
Making Digital Transformation and Security Work Hand-In-Hand
Digital transformation was a hot topic across conversations. It’s hard to ignore how pivotal digital transformation initiatives are to the success of any business. But it’s also especially hard for financial services organizations to progress through the process. They are hesitant to do anything that will rock the boat or upset the equilibrium. Though centralized in structure, these organizations are often fragmented in practice, creating inefficient, and sometimes ineffective, silos of information that prevent a holistic understanding of their risk profile. They often employ legacy workflow models and focus on “which tool, which person” rather than on efficiently automating and orchestrating security for better visibility and understanding of risk.
The Need for Speed
The key to differentiating yourself in an industry as competitive as financial services is simple in theory and difficult in execution: move fast. Today every organization is in the software business. Software and the infrastructure it runs on are critical assets and continuous deployment is essential. But speed cannot be at the expense of security. Velocity equals speed PLUS quality and security. Because of this, financial services organizations are eager to deploy the right mix of technologies to enable security that moves at the speed of the business. Those that aren’t able to achieve this feat understand that they’ll be left behind, leaving them looking for answers.
Overall, the conversations we had at FS-ISAC were incredibly valuable and I think eye-opening for those in attendance. If you’re finding yourself with concerns or challenges similar to the above, be sure to connect with the ZeroNorth team to learn how you can make sure your organization’s security runs at the speed of your business.