Cyber Security: Confronting the Threat



Similar documents
Strengthen security with intelligent identity and access management

CYBER SECURITY, A GROWING CIO PRIORITY

Services. Cybersecurity. Capgemini & Sogeti. Guiding enterprises and government through digital transformation while keeping them secure

Cybersecurity Delivering Confidence in the Cyber Domain

Security for Financial Services: Addressing the Perception Gaps in a Dynamic Landscape

Cybersecurity and internal audit. August 15, 2014

IT Infrastructure Services. White Paper. Cyber Risk Mitigation for Smart Cities

Privilege Gone Wild: The State of Privileged Account Management in 2015

Business resilience in the face of cyber risk. By Roger Ostvold and Brian Walker

Preemptive security solutions for healthcare

Unisys Security Insights: Germany A Consumer Viewpoint

Key Cyber Risks at the ERP Level

Seamless Mobile Security for Network Operators. Build a secure foundation for winning new wireless services revenue.

Privilege Gone Wild: The State of Privileged Account Management in 2015

Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst

Security Technology Vision 2016: Empowering Your Cyber Defenders to Enable Digital Trust Executive Summary

Full-Context Forensic Analysis Using the SecureVue Unified Situational Awareness Platform

Address C-level Cybersecurity issues to enable and secure Digital transformation

Internal audit of cybersecurity. Presentation to the Atlanta IIA Chapter January 2015

Accenture and Oracle: Leading the IoT Revolution

Assessing the strength of your security operating model

How To Protect Your Network From Attack From A Network Security Threat

THE SECURITY EXECUTIVE S GUIDE TO A SECURE INBOX. How to create a thriving business through trust

How To Manage Risk On A Scada System

Connect and Protect: The Importance Of Security And Identity Access Management For Connected Devices

Is Your Company Ready for a Big Data Breach?

Cyber security: Are Australian CEOs sleepwalking or a step ahead? kpmg.com.au

GETTING REAL ABOUT SECURITY MANAGEMENT AND "BIG DATA"

Accenture Technology Consulting. Clearing the Path for Business Growth

Mike Smart Cyber Strategist & Enterprise Security Solutions, EMEA. Cyber: The Catalyst to Transform the Security Program

KUDELSKI SECURITY DEFENSE.

CYBER4SIGHT TM THREAT INTELLIGENCE SERVICES ANTICIPATORY AND ACTIONABLE INTELLIGENCE TO FIGHT ADVANCED CYBER THREATS

Combating a new generation of cybercriminal with in-depth security monitoring. 1 st Advanced Data Analysis Security Operation Center

Experience the commitment WHITE PAPER. Information Security Continuous Monitoring. Charting the Right Course. cgi.com 2014 CGI GROUP INC.

Continuous Cyber Attacks: Engaging Business Leaders for the New Normal

Cybersecurity and Privacy Hot Topics 2015

Is Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution

Managed Security Services D e l i vering real-time protection to help organizations st r e n g t h e n their security posture in the face of today s

The economics of IT risk and reputation

Compliance Guide ISO Compliance Guide. September Contents. Introduction 1. Detailed Controls Mapping 2.

A NEW APPROACH TO CYBER SECURITY

CYBER & PRIVACY INSURANCE FOR FINANCIAL INSTITUTIONS

White Paper. Architecting the security of the next-generation data center. why security needs to be a key component early in the design phase

Utilizing Security Ratings for Enterprise IT Risk Mitigation Date: June 2014 Author: Jon Oltsik, Senior Principal Analyst

Accenture Intelligent Security for the Digital Enterprise. Archer s important role in solving today's pressing security challenges

Defending against modern cyber threats

Cyber Security Risks for Banking Institutions.

Secure Data Transmission Solutions for the Management and Control of Big Data

Understanding the impact of the connected revolution. Vodafone Power to you

Cyber security Building confidence in your digital future

Changing the Enterprise Security Landscape

Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS

El costo oculto de las aplicaciones Vulnerables. Faustino Sanchez. WW Security Sales Enablement. IBM Canada

Impact of Cybersecurity Innovations in Key Sectors (Technical Insights)

Who Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence. AIBA Quarterly Meeting September 10, 2015

The Benefits of an Integrated Approach to Security in the Cloud

Can Your Organization Brave The New World of Advanced Cyber Attacks?

Empowering Your Sales Force. It s Not Just Automation. It s Personal.

Provide access control with innovative solutions from IBM.

Best Practices in Account Takeover

Cyber Threat Intelligence Move to an intelligencedriven cybersecurity model

OT PRODUCTS AND SOLUTIONS MACHINE TO MACHINE

Data Security: Fight Insider Threats & Protect Your Sensitive Data

Real-Time Security for Active Directory

National Cyber Security Policy -2013

Leveraging innovative security solutions for government. Helping to protect government IT infrastructure, meet compliance demands and reduce costs

Preparing your network for the mobile onslaught

Douglas County School District. Information Technology. Strategic Plan

Beyond passwords: Protect the mobile enterprise with smarter security solutions

defending against advanced persistent threats: strategies for a new era of attacks agility made possible

Into the cybersecurity breach

data driven government

Defending yesterday. Financial Services. Key findings from The Global State of Information Security Survey 2014

RETHINKING CYBER SECURITY

Presidential Summit Reveals Cybersecurity Concerns, Trends

Cyber4sight TM Threat. Anticipatory and Actionable Intelligence to Fight Advanced Cyber Threats

Implement security solutions that help protect your IT systems and facilitate your On Demand Business initiatives.

Cybersecurity report As technology evolves, new risks drive innovation in cybersecurity

GLOBAL BUSINESS DIALOGUE ON ELECTRONIC COMMERCE CYBER SECURITY AND CYBER CRIME SEPTEMBER 26, CEO EDS Corporation

Cybersecurity Enhancement Account. FY 2017 President s Budget

Managed Security Services for Data

Transcription:

09 Cyber Security: Confronting the Threat

Cyber Security: Confronting the Threat 09 In Short Cyber Threat Awareness and Preparedness Active Testing Likelihood of Attack Privacy Breaches 9% 67% Only 9% proactively run inward-directed attacks and intentional failures to test their systems on a regular basis 67% believe the likelihood of an attack is very or extremely high 68% believe there is a high likelihood of privacy breaches of personal data Results from Accenture s 2015 Global Risk Management Study 65% Percentage of financial services executives that said cyber and IT risk would have an increased impact on their business in the next two years. Apply Big-Picture Principles to Cyber Security A PROACTIVE STANCE BIG PICTURE 68% Yes No A BROAD VIEW OF RISK MANAGEMENT By the very nature of their business, investment banks possess vast quantities of highly sensitive information, ranging from the portfolios and transaction histories of wealthy individuals to the details of pending mergers. When such information is compromised whether by determined cyber criminals or individuals within the organization by accident the consequences, in terms of reputational damage and monetary losses, could be significant. Traditionally, investment banks have always been highly aware of the importance of safeguarding customer and transaction data and have taken all the steps deemed necessary to do so. In the current environment, however with organized cyber criminals running industrialized hacking operations and freely selling and/or sharing information about institutional vulnerabilities investment banks may be dealing with forces that cannot be addressed exclusively by internal resources. In this environment, cyber security becomes not only a major challenge for investment banks, but also a key responsibility of their boards of directors and senior management teams. Boards and management need to consider: The organizational structure and reporting arrangements for cyber security operations. The experience and expertise of the chief information security officer (CISO), and the need to balance industry knowledge against street smarts as they pertain to cyber issues. Safeguarding data in a networked environment, which may encompass cloud data storage and the provision of services via the cloud. Creating a culture that is both security-conscious and aware of the financial and reputational consequences of data breaches. A WILLINGNESS TO COLLABORATE ATTENTION TO THE HUMAN FACTOR

Firms that displayed leadership in cyber security shared certain characteristics, including immediate reporting of security incidents to the CEO and board of directors, clear definition of responsibility and authority pertaining to security, and effective communication of security requirements to all employees. As they migrate their operations from custom-built IT systems to flexible, cloud-based platforms integrated into a digital ecosystem, investment banks need to address these and other cyber security concerns with comprehensive, well-thought-out solutions. With data housed outside of the traditional confines of a private data center, cloud security becomes a responsibility shared with service providers and internal security resources. It is worth noting, however, that cloud security problems are solvable, assuming appropriate governance and organizational structures are in place. For investment banks, securing digital platforms should begin before development work starts. Investment banks can reduce risk by collaborating with potential partners to identify possible security challenges across and beyond their industry. They should also identify what types of security-related data the platform can gather and ways that cyber security operations can be leveraged to monitor edge and core devices for abnormal activity. A pervasive concern Cyber security is a widespread and pressing concern for most executives. As Figure 1 shows, a worldwide survey of over 900 executives conducted by Accenture Strategy found that over two-thirds of respondents believe the likelihood of a cyber attack to be very or extremely high (and a similar share sees a high likelihood of data or privacy breaches). But only nine percent run inward-directed attacks and intentional failures to test their systems on a regular basis. There is a significant disconnect between cyber threat awareness and preparedness in most organizations. Defending the digital investment bank Enable business growth and secure operations Enabling business resilience and brand trust by interlocking security strategy with business strategy Reinventing security to be digital friendly by supporting user centricity and Internet scale, and addressing digital concerns such as big data, Internet of things and commerce Developing solutions to manage technology and process security risks outside of direct organizational control while leveraging security as a service Source: Accenture Research Defend the business from hostile adversaries Addressing boardroom and C-Suite concerns about the effect of security breaches on shareholder value, revenue and compliance Gaining security-situational awareness across expanding business boundaries and developing a rapid-response capability Testing environmental robustness and implementing security automation to offset staff shortages Figure 1: Cyber threat awareness and preparedness Yes Active Testing Likelihood of Attack Privacy Breaches No Addressing structural issues For investment banks, effective cyber security begins at the top with the board of directors and senior management. Firms need a structure that recognizes the business issues connected to cyber security, while providing the expertise needed to deal with specific and ever-changing threats. Security models and tools are proliferating, creating complexity and potentially compromising security, so an integrated approach is needed to make the best use of new solutions. Only 9% proactively run inward-directed attacks and intentional failures to test their syetems on a regular basis Source: Accenture Research 67% believe the likelihood of an attack is very or extremely high 68% believe there is a high likelihood of privacy breaches of personal data

Investment banks that provide secure mobile applications could differentiate themselves, but few have the technological sophistication to do so today. A 2015 study conducted by Accenture and Ponemon Group found that firms that displayed leadership in cyber security shared certain characteristics, including immediate reporting of security incidents to the CEO and board of directors, clear definition of responsibility and authority pertaining to security, and effective communication of security requirements to all employees. 1 At leading companies, the CISO is more likely to report directly to a senior executive, set the security mission by defining strategy and initiatives, and have a direct channel to the CEO in the event of a serious security incident. They also provide sufficient resources for cyber security teams to deal with existing threats, while researching and preparing for new types of attacks. Securing the edge New technologies particularly those in the area of mobile communications are opening new horizons for investment banks and their clients. Transactions are no longer limited to landline telephones or desktop computers; mobile phones and tablets now serve as effective platforms for many activities. However, the functionality of such devices has often outpaced the ability of investment banks and other financial services firms to protect customers privacy and prevent unauthorized access to their accounts. methods, such as social log-ins and risk- or content-based identification. Although still in very early stages, such services may soon represent a competitive advantage for firms with tech-savvy clients. Investment banks can benefit from important features of new security technologies, including the ability to identify anomalies in network traffic, prioritize threats and provide advance warnings of possible breaches. Whether business is conducted on an in-house legacy platform or through the cloud, investment banks should regularly evaluate their vulnerabilities. They can apply threat monitoring to understand potential problems and leverage threat intelligence to understand when cyber criminals (or rogue individuals within the organization) are attempting to take advantage of such vulnerabilities. In some cases, data visualization may help identify problematic behavior not only by cyber criminals, but also by customers, counterparties and employees. Investment banks that provide secure mobile applications could differentiate themselves, but few have the technological sophistication to do so today. Innovation often takes place at the tactical level, without the benefit of a high-level, holistic view of security concerns. Investment banks, like other financial services firms, need to find a balance between maintaining security and providing an optimal customer experience. Adopting new technologies Some players have begun exploring promising new technologies to identify and prevent cyber incursions. Following in the footsteps of retail banks that are using biometric authentication at automated teller machines in certain countries, some investment banks are piloting voice biometrics for added security and a better customer experience during telephone transactions. Others are exploring new authentication

The big-picture approach For investment banks, the need to bring technology to market quickly to maintain a competitive advantage along with the ever-evolving sophistication and boldness of cyber criminals has left cyber security struggling to catch up. Investment banks can benefit from applying several big-picture principles to cyber security. In addition to a top-down view starting with the board and senior management, these include: A proactive stance. Accenture s research and experience suggests that investment banks should take a proactive approach toward cyber security, continually monitoring, testing and experimenting with new technologies. Reactive cyber defense is no longer sufficient to maintain an effective security program and regulatory compliance. A broad view of risk management. Cyber risk should be considered alongside traditional enterprise risks to more effectively inform risk management decision making. In the Accenture 2015 Global Risk Management Study, nearly two-thirds (65 percent) of financial services executives surveyed said that cyber and IT risk would have an increased impact on their business in the next two years and that they are making talent and organizational decisions accordingly. 2 Demand for cyber security skills is escalating quickly. A willingness to collaborate. Investment banks internal cyber security teams may have been capable of dealing with yesterday s threats. In the current environment, however, investment banks will need not only outside expertise, but also effective collaboration with cloud and other service providers to deal with emerging threats. Investment banks may also need to increase their willingness to share information regarding such threats with governments and industry groups, including the Financial Services Information Sharing and Analysis Center (FS-ISAC). Attention to the human factor. Many breaches occur as a result of human error, negligence or failure to follow security protocols. Privileged access management is a top risk in this area. Investment banks should have organized and integrated programs to raise awareness of security issues, encourage proper procedures and assign responsibility when individuals are at fault. Insider threat networks should be enhanced and user behavioral analytics should be deployed to manage the human components, whether malicious or accidental. Cyber security will remain a major challenge for investment banks for the foreseeable future. By adopting an active cyber security strategy, a sound organizational structure, effective training and communications, and new technology, investment banks can begin to address their cyber security concerns and devote more resources to growth-oriented activities over time. Five Security Recommendations to Stretch Your Boundaries in the Digital Era 01. Enable secure, autonomous devices at the edge. 02. Make data-driven decisions at Internet of Things (IoT) scale. 03. Secure volume, variety and velocity of big data. 04. Maximize protection across digital ecosystem platforms. 05. Build customer trust in a digital economy. As edge devices such as sensors and smart meters increase and become more autonomous, security should encompass the potential risks to those devices, such as physical tampering, data integrity and unauthorized access. Understand and proactively address the security implications of decisions being made at the edge. Manage and safeguard edge devices and the end-to-end technologies that enable intelligent decisions. Increasingly larger amounts of data are collected, processed and analyzed by organizations. Establish end-to-end security on data. Develop and maintain a data assurance program as the center of your IoT strategy. Build a data assurance program that directly ties to the business model and enables more informed decisions based on accurate data. The exponential growth of big data is straining traditional database management systems. In moving to big-data platforms, apply the principles of information security across all aspects of data collection and management. Take a data-centric security approach to address the volume, acquisition velocity and data variety being collected for the organization. Digital industry and cross-industry ecosystems and platforms are developing to support the IoT. Combine operational and security information across the enterprise and across platforms to help businesses respond effectively to the rapidly changing cyber landscape. Work with ecosystem partners to brainstorm security challenges and develop responses. Successful digital enterprises will establish and maintain customer trust based on how they collect and protect their data. Be vigilant with security and privacy practices so as to not compromise customers experiences or lose their trust. Follow proactive and ethical data stewardship practices and offer enhanced services that are consistent with customers expectations of privacy and personalized, seamless experiences. 1 https://www.accenture.com/us-en/insight-cybersecurity-research-report 2 https://www.accenture.com/us-en/global-risk-management-research-2015.aspx Source: Accenture Research

About Accenture Accenture is a leading global professional services company, providing a broad range of services and solutions in strategy, consulting, digital, technology and operations. Combining unmatched experience and specialized skills across more than 40 industries and all business functions underpinned by the world s largest delivery network Accenture works at the intersection of business and technology to help clients improve their performance and create sustainable value for their stakeholders. With more than 358,000 people serving clients in more than 120 countries, Accenture drives innovation to improve the way the world works and lives. Its home page is www.accenture.com. Contact Us To discuss any of the ideas presented in this paper, please contact: Charlie Jacco Florham Park charles.a.jacco@accenture.com Timothy Elliott Detroit timothy.c.elliott@accenture.com Read all the Top Ten Challenges www.accenture.com/10challenges Follow us on Twitter @AccentureCapMkt Explore more Accenture Capital Markets Latest Thinking www.accenture.com/capitalmarkets Copyright 2015 Accenture All rights reserved. Accenture, its logo, and High Performance Delivered are trademarks of Accenture. Disclaimer This report has been prepared by and is distributed by Accenture. This document is for information purposes. No part of this document may be reproduced in any manner without the written permission of Accenture. While we take precautions to ensure that the source and the information we base our judgments on is reliable, we do not represent that this information is accurate or complete and it should not be relied upon as such. It is provided with the understanding that Accenture is not acting in a fiduciary capacity. Opinions expressed herein are subject to change without notice.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information