In a recent DerivSource podcast, DTCC’s Mark Clancy shed some light on why cyber risk is a top concern among financial institutions and how they can better protect their firms from threats. Below is the advice he shared on how to ensure you are taking the actions required to build a better cyber security plan of action.
The main actions I suggest financial institutions take on as part of a cyber security plan are:
Assume a breach – assume there is someone in your environment and operate your daily life like there might be somebody poking around. That change in mindset will help you.
Engage in what we call ‘active hunting’ – don’t wait for some system or alarm to trip saying something happened. Go through your environment, look at what is happening, and take the knowledge you have about what attackers are doing and query your environment to ask what is going on.
Recognize that you are going to have an incident to which you are going to have to respond – have a response plan in place which includes both technical aspects of how you deal with an intruder in your IT infrastructure, and the business and crisis management aspect, making sure you have an incident response plan, that you’ve tested it and drilled it. That plan includes your general counsel, public relations team, regulatory relations team and executive management. Even if you’re lucky enough not to have any incidents, you should know how you’re going to respond so that you’re not trying to figure it out at 3am in the morning over the weekend when it happens.
Every person in the company is a sensor – everybody is a human detector of these attacks. Verizon published a study about breaches they investigated, and the vast majority of them started with a phishing attack, where somebody sends an email to an employee and tries to get them to click on a link. That link then installs malware, which then provides a foothold for the attacker to get inside a company’s infrastructure. So when you look at the operations, compliance or risk teams, these are all people who get emails and deal with the outside world, so they can be part of that sensor community – if they see it, they report it to the security team for investigation.
Look at what information you post in the public domain about your employees – the criminals can harvest that information and use it to make these phishing attacks more compelling. So, for example, if they know that someone is a member of some society or professional group, they may create an email in the context of that group which may lead them to open it. Having all of these teams engage internally and externally and consolidating the reporting of those events can help the security team be better prepared to respond to them.
* Find out more! You can listen to Mark’s full comments via the podcast or the transcript found on the podcast notes page.