Key Conversations from the 2018 FS-ISAC Annual Summit
May 30, 2018
Herjavec Group recently attended the 2018 FS-ISAC Annual Summit in Boca Raton, Florida, which brought together regulated financial services firms, relevant public sector entities, and country-level banking associations for keynotes and interactive sessions around the cybersecurity challenges facing the greater financial services community.
Financial institutions are consistently challenged to keep up with new and emerging technology, while managing the risk of advanced cyber threats. Topics of discussion at the Summit included government and industry regulation, security best practices, and the need for enhanced visibility.
We’ve summarized the topics dominating the conversation at FS-ISAC:
GDPR and Federal Data Privacy Regulations
As of May 25, 2018, the General Data Protection Regulation (GDPR) has officially been enforced and this was a hot topic at the conference. Many C-level executives are questioning whether the US will follow suit in implementing its own federal data privacy regulation, especially after the Facebook and Cambridge Analytica data compromise. That said, many financial organizations are still working towards compliance. As a reminder, this regulation applies to ALL businesses globally that collect, store, transfer or process data on European Union natural persons. It is recommended that organizations engage with three experts to support GDPR readiness and compliance:
- A cybersecurity services provider for assessment and readiness review
- A managed security services provider for 24x7 monitoring and device management and
- Legal counsel for summary of efforts and corporate compliance review
Introducing: Threat Intelligence 2.0
Cybersecurity experts are beginning to combine traditional threat intelligence with Dark Web threat intel for smarter and more effective Threat Hunting. Known as Threat Intelligence 2.0, this approach allows Threat Hunters to add an extra layer of threat intel that's highly targeted towards the particular sector or even the organization in question, in order to produce detailed (and highly specific) results.
The Emergence of #FinSec
While the niche industry of FinTech (the intersection where technological applications and resources meets finance) is known to many in the financial sector, at FS-ISAC we were introduced to a new term within FinTech called “FinSec”. FinSec specifically references cybersecurity dialogue and solutions for the financial sector. Rohan Amin, Global CISO of JPMorgan Chase tweeted at the conference, “What we do is more than just security. It’s about enabling the digital business, integrating fraud and creating end-to-end controls. It’s called #FinSec”. We support this vision and believe this will be a point of convergence for security professionals and financial executives going forward.
Increase in Mobile Malware
The 2018 Mobile Banking Study by Citi® found that mobile banking apps are the third-most used apps, behind only social media and weather apps. As more financial institutions begin to develop mobile apps to make consumers' lives easier, hackers are taking note of this growing trend and are developing advanced malware specifically designed for these apps. This malware can effectively take over the mobile device and assume control of its functions. Protecting consumers and banking enterprises from the threat of mobile malware will be a priority in this space going forward.
Shifting to the Cloud
After much resistance to shifting to the Cloud, financial organizations are finally making the switch. However, this has opened a new conversation topic: who is responsible for securing the assets stored in the Cloud? While the common misconception may be that it is the Cloud provider's responsibility, in reality the onus falls on the organization storing the assets.
The Cloud provider is simply responsible for securing the physical infrastructure of the Cloud - not the assets. Therefore, it is up to the financial organizations to partner with their service provider and consider all the "FinSec" solutions necessary to secure their data.
For more information on how Herjavec Group can transform the security posture of your financial organization, contact an HG security specialist.