The impact that the pandemic has had on the FinServ sector and the increased threat from cyber attacks have made security teams and their professionals particularly valuable to organisations. Research finds that 70% of banks have made cybersecurity their top priority, a figure that is likely to grow as the situation progresses.
Stephen Roostan is VP EMEA for Kenna Security, a risk-based vulnerability management platform. Here he shares his view on FinServ’s newfound appreciation for cybersecurity teams.
Once referred to within a business as the department of “no” and viewed as a blocker to IT innovation and business transformation, the reputation of information security professionals has steadily improved. As digital transformation has resulted in an ever-changing IT infrastructure, the combination of a crippling skills shortage and the global pandemic has awarded cybersecurity teams a newly found – but well-earned – respect.
Nowhere can this be seen more keenly than within the finance and banking sector. While this sector has long been a prime target for cybercriminals, the shift to remote working introduced new challenges. A report published by Investors’ Chronicle in November last year found that between January and June 2020, the finance, insurance and credit sector reported at least 122 cybersecurity incidents to the UK regulator under the General Data Protection Regulations, an increase of more than 54 per cent on the same period last year. The report also found that the finance sector suffered 63 fraudulent attacks known as “phishing” from January to June, compared to 37 during the same six months last year. Incidents of ransomware breaches also nearly doubled.
Little wonder then that even before the pandemic, over 70% of banks questioned in a survey by the Conference of State Bank Supervisors (CSBS) stated that cybersecurity was a top concern in 2020.
From Zero to Hero
No longer seen as naysayers standing in the way of progress, security professionals are now more likely to be viewed as knights in shining armour, keeping the business safe and secure from the cyber threats that lurk in the shadows. In fact, according to research from ISC, 71% of professionals outside of the security community now view cybersecurity experts as ‘smart, technically skilled individuals’ – and 9% go as far as to claim they think of cybersecurity professionals as ‘heroes’.
What’s caused this rapid rise in popularity? Let’s take a detailed look.
Rapid Transition Caused by the Pandemic
The ‘stay at home’ orders brought about by the pandemic forced businesses to pivot at speed and at scale. There was a rapid surge in demand for digital capabilities and services, as organisations transitioned to remote workforce models and focused primarily on serving customers through digital channels.
However, this wholesale move to remote digital operations meant organisations now faced a myriad of new risks and vulnerabilities. Cybersecurity teams found themselves tasked with a new mission: supporting business continuity while protecting the enterprise. This was no easy task when threat actors were quick to exploit the opportunities brought about by the explosion in BYOD usage and the rapid expansion of the attack surface.
Enabling productivity while securing what matters most to the organisation became a mission-critical endeavour, as organisations reimagined architectures to enable remote digital working environments for the long term.
Tackling Cybercriminals is a Team Sport
There is one other important factor that has significantly contributed to the rise of security professionals in the popularity stakes. Today’s modern risk-based vulnerability management (RBVM) platforms measure, score and prioritise the actual risk an individual vulnerability represents across all of an organisation’s assets and applications in near real-time.
Not only does this significantly change the way that cybersecurity and IT teams work together; it also paves the way towards better communication and collaboration between the two teams.
Over the years, IT teams have become accustomed to being handed a long list of ‘critical’ vulnerabilities by cybersecurity professionals, a practice that has generated much friction and a lot of frustration on both sides.
It wasn’t just the fact that the security teams were perceived as ‘pushing’ unwanted workloads onto IT teams, presenting them with spreadsheets containing large numbers of vulnerabilities they had to ‘fix’. All too often this led to disputes, especially when security thought one vulnerability should be prioritised, and IT believed another was more deserving of their attention and limited resources.
Fortunately, modern risk-based vulnerability management (RBVM) solutions provide a single source of truth for everyone to work more closely together in harmony – and in a much more informed way.
Focus on the Right Things, at the Right Time
These highly automated RBVM platforms have enabled security professionals to focus on the 2% to 5% of vulnerabilities that actually pose the greatest risk to their specific enterprise, assigning a risk score to asset groups or departments, so that remediation teams can easily identify which high-risk vulnerabilities they need to address first. Armed with these ‘top fix lists’ that eliminate any need for guesswork, security and IT teams are at last able to align around a common goal: that of reducing risk in the most practical and efficient way possible.
As well as enabling everyone to understand what to fix, why they should fix it, and how to fix it, the most advanced VM solutions are allowing security teams to use predictive modelling solutions. By utilising machine learning algorithms, these technologies can analyse vulnerabilities as soon as they are published and immediately determine how likely they are to be exploited within the organisation’s environment. As a result, the companies leveraging these solutions are now taking a predictive approach to vulnerability management, evolving beyond proactive cyber risk management to better equip themselves to defend against today’s fast-moving threat landscape.
Cybersecurity teams are now held in high regard by both ordinary employees and senior business leaders. The role they play is a crucial one. The introduction of innovative risk-based vulnerability management systems has made a significant, productive contribution to this growth in popularity. IT teams can now seamlessly work in collaboration with their colleagues in cybersecurity to embrace the upheaval in working practices brought about by the pandemic and deliver on a joint mission to keep their organisation safe.