Turn Down That Noise! Tuning into Cybersecurity for the Financial Sector

"Turn down that noise!" I suspect that at some point in your life you’ve uttered those words or perhaps had them spoken to you. In my case it was my parents telling me to turn down my music when I was a teenager. What I never understood was why they viewed my music as noise. To me, it was a symphony of sounds that I connected to in a variety of ways. I realized, as I got older, that noise was really just another term for “I don’t understand, like or connect with that.”

Sometimes it’s just about volume. Sometimes it’s about something else.

One area where there is a lot of noise is in cybersecurity, and I’d like to turn that noise off for a moment.

In February of this year, the World Bank Group published a brief estimating that, “customers of financial services suffered 65% more cyberattacks in 2016 than customers of any other industry, which represented a 29% increase from the previous year.” I could certainly quote a plethora of sources to make my point, but I suspect that is unnecessary. The reality is that while every business in every sector is a target, the financial sector stands out because of the sheer fact that money is directly involved. There is no need for a malicious actor to try and turn a profit from collecting goods or even from stealing intellectual property. This sector represents a short-cut of sorts for criminals to get straight to what they want. Money.

What exactly does the rise in financial sector cybercrime mean to small and medium size businesses?

The large enterprises have stock holders, thousand to millions of customers, and a number of other factors that may not apply to your business. However, if you’re in business then you have employees, customers, and some data that makes your business work. That data could be anything from a list of clients to very sensitive financial plans and strategies. I’d like for you to pause, for a moment, and think about what would happen if all of the data on your computers and devices was permanently inaccessible? What if someone made off with all your data, what could they do with it? How would either one of these scenarios impact your business? In a May 2017 article, Inc. Magazine estimated that 60% of small to medium size businesses that suffer a cyberattack go out of business. Not that they lost revenue or customer base alone; it was far more severe, the companies folded.

More than just Do’s and Don’ts
So what then? I don’t care for sounding the typical cyber doom and gloom alarm. The truth is that there are steps you can take to better protect your business. It boils down to some of the basics. I’d like to offer you a couple do’s and don’ts. They aren’t a punch list of items to address, but rather more of guidance on who to engage to increase the resiliency of your business.

Do engage a security services company to assess your current cybersecurity strategy.

It is easy to believe that you have all the bases covered. I’ve been in IT for over 20 years and every single time I thought I had all the bases covered, someone else has shown me otherwise. Another set of eyes and experience can provide valuable insight. The reality is that hiring your own set of cybersecurity experts can be cost prohibitive. A security services company can provide the level of expertise and man power that you couldn’t afford to procure yourself. A good security services company will listen and ask lots of questions before making any recommendations. They will take the time to get to know your business and determine what technology and processes would be the best fit. Another added benefit is that they can grow along with you. You can always start with the basic services that makes sense for your business’ current state and then add on services as the need arises.

Don’t rely solely on security product vendors.

While I would say that most security product vendors mean well, they often fail to paint the entire picture. There is no cybersecurity product that does it all. Unfortunately, too often a vendor comes in, shows you a really cool product and you leave thinking that’s all you need. A good security posture is about much more than having great products in place. 

Do engage and collaborate with others in your sector.

Cybersecurity is very dynamic. The threats change at an astonishingly fast pace. While a good portion of the threats overlap sectors and businesses, each sector has their own unique set of risks. It has been very common, in business, to keep to yourself. No one wants their competitors to get a leg up on them. That’s understandable, but thankfully there are a number of ways that you can meaningfully collaborate with others in finance. I’ll name a couple for your reference.

• The Financial Services Information Sharing and Analysis Center, better known as the FS-ISAC specifically focuses on physical and cyber threats in relation to financial institutions of all sizes. They offer a tremendous amount of valuable resources and information. FS-ISAC is a premier forum for the financial services sector. You can read more about it here.

• InfraGard is a partnership between the FBI and members of private sector. The program provides a vehicle for seamless public-private collaboration with government that expedites the timely exchange of information and promotes mutual learning opportunities relevant to the protection of Critical Infrastructure. InfraGard provides a great opportunity to collaborate with others in your sector and also to develop a relationship with your local FBI office. They have experts that deal with financial crimes (both cyber related and others) on a daily basis. Not only does the FBI disseminate crucial information to their InfraGard members, but you also gain the opportunity to be proactive. Rather than waiting for something bad to happen and then working to get connected, you get the chance to develop that relationship in advance.

Don’t go about protecting your data and business alone

While there are legitimate reasons to be cautious of the information you share, there are great ways to collaborate with others that have been there and done that. Saving you money, time and effort. I mentioned a couple of resources above, but that is certainly not even close to being an exhaustive list.

The first Do can seem daunting to some organizations, but partnering with a mature managed security services company is the key differentiator. It can mean the difference between wasted hours, resources, effort and money or you having the freedom to focus on your business. You can indeed tune out the noise and focus on what’s important to your business.To learn more about Online's Managed, Security Services click here. 

I welcome the opportunity to either speak with you personally or have one of our highly experienced team members reach out and discuss how effective and affordable managed cybersecurity can save your business.  Please leave a comment below or email us at rsp@obsglobal.com.