FINANCIAL SERVICES
Get In Touch
We will not share your details with third parties.
Cyber security across the financial services
Financial businesses are directly linked to wealth, and the global economic system at large making the sector an attractive target for cybercriminals varying from motivated hackers to state-sponsored campaigns. Financial sectors businesses require advanced cyber security measures in place compared to other industries.
Technological advances have made banking faster and innovative by improving products to consumers. Similar to financial risk management, technical risk management plays a key role in avoiding major disasters. Loss of compliance due to ISO 27001, PCI DSS or related regulations is another security risk to a financial services business.
What are the key security challenges ?
- Safeguarding sensitive information
- Reducing growing risk with modern IT infrastructure
- Balancing cyber security with legacy systems
- Data breach detection, response and recovery
- Ensuring compliance
- Distributed Denial of Service (DDoS) Attacks
Risk and Controls Self-Assessment (RCA) & Cyber Risk Management
In 2018, FCA came up with major findings after conducting multi-firm review on wholesale banks and asset management . Most of the firms reviewed relied on risk and controls self-assessment (RCSA) without getting involved in in-depth technical exercises to assess the accuracy, scale and nature of risks. The main findings raised valid questions around the following:
- How well Board and Senior Management’s decision making is impacted by the understanding of cyber risk profile?
- Are firms taking a proactive approach towards cyber security to ensure it’s an organisation-wide priority?
- How effective is second line (CISO, CXOs) in identifying and managing cyber risks?
- Have firms drawn connections between cyber and conduct risk?
Wealth of experience, skill-set and outcome focussed approach.
What are your key security questions?
- Are you seeking in-depth technical assurance after RCA?
- Are you adopting proactive approach to cyber security?
- Are you performing independent technical evaluation before deployment at scale?
- How do process and store sensitive data?
- Have you assessed internal systems and controls to handle insider threats?
- Are we assessing security vendor risks?
Financial Sector Experience
This section refers to specific project based experiences in this sector. These were conducted at retail and investment banks, private equity firms, wealth management institutions, M&A due diligence and Tier 2 businesses.
Key Projects
- High Risk Platforms – FIX, Futures Trading Applications, Gateways, Investment Banking products, Mobile and Corporate Banking Solution
- Connect Direct, Message Queuing, and Back-end Infrastructure Assessments
- Regulatory Requirements i.e. Banking Associations of Singapore, FCA, PCI DSS
- Estate wide SAP Implementation Security Reviews
- Big Data Security Assessments
- BTP (Banking Transformation Programme) Security Reviews
Need advice or help from our friendly team?
Recent Blog Entries
3 Principles of Information Security (Threats & Policies)
Read about 3 principles of information security and difference between information and cyber security. Further details include basics around security policies and their importance.
Top 7 API Security Risks (including prevention tips)
With APIs meteoric rise, most of our important data is consumed by API endpoints. It is important to ensure security is not an after thought. Read about top API security risks, attack examples and prevention measures.
Brexit and Data Protection | UK GDPR Law
Explaining the differences between DPA vs GDPR, for those wondering the differences between DPA and the newest GDPR legislation.
Top 6 Healthcare Cyber Security Threats and Best Practices (2021)
Healthcare troubles have worsened in 2020, facing two-pronged attack – Pandemic and Cyber Threats. Read our article detailing cyber security threats and best practices to follow in the healthcare sector in 2021. Discover more.
Facts About Computer Viruses & Malware (including 6 Virus Myths)
Read about interesting fun facts about computer viruses, their history and types. A fun read to beat your post lunch blues.
eCommerce Security : Cyber Threats & Best Practices (2021)
eCommerce platforms such as BigCommerce, Magento, Shopify are an attractive target for attackers. Learn what are the cyber threats facing eCommerce sector and best security practices to secure these businesses.
OWASP API Security Top 10 (With examples & fixes)
OWASP API Security Top 10 are the go to standard for API security. This article presents attacks, examples and how to prevent API security attacks. Discover more on thecyphere.com.
OWASP Top 10 Application Security Risks (With Examples & Recommendations)
OWASP Top 10 Web Application Security Risks are the go to benchmark against web application attacks. This article presents attacks, examples and how to prevent these web application attacks. Discover more on thecyphere.com.
Top 7 Office 365 Security Best Practices (includes Actionable Tips)
Office 365 security best practices with actionable tips to improve your organisations’ security posture. We highly believe that with products, it’s more important to get the best out of product features first before investing into high end consultancies or shopping new products. We hope this article offers a useful advice for your organisation.
Red Team vs Penetration Testing – Which one is the right choice for your business?
With cyber threats increasing at exponential rate, defensive techniques must evolve at the same rate. Red Team vs Penetration Testing – Which one is the right choice for your business? Both have pros and cons, but what’s best for your environment. Whether you should do it, when not to do it, benefits, costs and vendor selections.