The DTCC (Depository Trust & Clearing Corporation) recently released their Q3 2014 Systemic Risk Barometer Survey, which was conducted with their clients in the financial services industry and a swathe of global financial services companies.
84% of respondents identified cyber risk as one of their top five concerns.
Source: DTCC Systemic Risk Barometer, Results Overview – 2014 Q3
Additionally, 37% of respondents said that the probability of a high impact event in the global financial system has increased during the past 6 months.
The financial services industry has long been the target of cyber-attacks and this should come as no surprise – but this sentiment seems to be stronger than ever before, given the daily barrage of attacks of all sizes from the JP Morgan breach affecting 76 million households to the smaller one at TotalBank affecting 72,000 customers. What is distressing is that you could replace “financial services” with “retail” or “healthcare” or “manufacturing” or just about any other major industry group – and the results would likely be very similar. Organizations in all these industries are being constantly hit by cyber-attacks targeted at stealing sensitive customer data or IP, as a result of which cyber risk is now a hot button for C-level teams and boards across the globe.
As Mark Clancy, DTCC Chief Information Security Officer stated – “No institution – large or small, public or private – is immune to a potential cyber-attack”. Given the devastating financial and reputational impact of cyber-attacks, there are a slew of measures CIOs and CISOs are taking to secure their organizations, ranging from deploying the latest security tools to protect various layers of the technology stack, to setting up incident-response teams to handle external comms if they should make front page news. But if you were to distill all these initiatives into one key objective, this is probably what it would be (and if not, then this is what it should be):
Know what you have that's worth stealing (hint: customer data, intellectual property, etc). Then go secure it, put it in a vault, or control access to it - or do all.
Do this for data in rest and in motion, on or off your network, on personal devices or in the cloud. And then, maybe, cyber risk will be less daunting that is today.
Data-Centric Security: Why You Need it, How to Get Started
Forrester VP and Principal Analyst John Kindervag explains the fundamentals of a data-centric security approach, why you need it, and how to get started. Watch the webinar on demand.
Related ArticlesThe Security Hot Seat: Personal Device Encyption
This week' s Hot Seat features the latest issue in the debate on personal privacy vs. national securityThe Security Hot Seat: Ernst & Young
As usual, there was no shortage of security news last week - the unraveling of the Home Depot breach, the discovery that banking malware Dyre has set its sights on Salesforce, and the release of 5 million Gmail logins by Russian hackers were just a few of the big stories. However, I decided to go with a slightly more bizarre selection for this week's Hot Seat.The Security Hot Seat: Intellectual Property
IP in the Hot Seat after Hackers Charged with Theft of $100-200M in Xbox, U.S. Army Data