Banks Shuffle Toward Formal Vulnerability Assessment and Security Awareness Training to Fulfill on Security Leadership Best Practices

The loss of brand reputation over data breaches due to lack of risk management strategies looms as a major issue for many banking executives, according to a 2017 Ponemon Institute Study.  But, the industry remains unclear as to just what security leadership should look like.  About half have not put any budget dollars to security planning for risk management for this year, according to the study.

Still, banks of all sizes are going to pay even more attention in 2017, according to financial cyber industry reports:

  • Financial cybersecurity systems are predicted to grow to $68 billion by 2020.
  • US financial industry cybersecurity ranked No. 4 out of 18 of the US economy’s industries in 2016.

We encourage the banking community to begin that security planning for risk management with us.  On Feb. 21st, Aspectx, PatchAdvisor, and ATAATA took a closer look at how the right measure of vulnerability assessment and security awareness training in the rank and file of your banking environment can make the difference.

The companies offered a free webinar which has been archived for on demand viewing, for banking executives looking for the right mix of activities.  This is a follow-up of an Aspectx 2017 series to be held every other month.  The first seminar, entitled “Shaping Your Future in Banking Cybersecurity,” was held in conjunction with BSG Financial Group.

Tune In Now to Listen to the Webinar on Demand

Internal communications plays a key role in syncing up what must be done this year.  It’s still the first quarter, so jump into the important components for success drivers with us.  “Employees make bad security decisions, largely because they don’t have a reason to care about security. We need to show them why their actions (or inactions) matter and how their choices can impact the company and their own lives,” said Jann Yogman, VP of Marketing for ATAATA.

Assign It and Own IT:  Appoint a CISO and Understand the Role

The answer for banks, and other industry sectors, may be the appointment of a CISO that can run down his or her checklist in understanding risk and moving into action-oriented decisions, according to Vickie Miller, VP and CISO at FICO.  In the February 2017 edition of Information Security she talks about how “understanding ramifications” surrounding security requires a certain breadth of knowledge.

This is where experts can come in.  She cites diplomacy and “thick skin” as being a part of the process leading to security leadership best practices.

While the banking community looks to discover its best practices for 2017, one need only look to the White House for what not to do. Democratic members of the House Science, Space and Technology Committee seek Congressional leaders to investigate cybersecurity lapses by the Trump Administration, including President Trump’s Android unsecured phone from which he tweets.

On Finding Best Practices: NIST guidelines Takes Us Back to Basics

Recent new NIST digital identity guidelines for passwords for security authentication and lifecycle management came with a recommendation to make policies more user-friendly.  All passwords should be “hashed, salted and stretched when stored,” and “not all passwords should expire in a pre-set period,” as reported by Michael Cobb, CISSP-ISSAP, a renowned security author in Information Security magazine, February 2017.

And, users should be encouraged to create longer phrases instead of hard-to-remember passwords.

Sometimes the first marching order toward planning outside the boardroom for proper network security is the hardest.  But, don’t compromise and look to begin a plan for risk management, which we know — in 2017 — will include vulnerability assessment, and security awareness training, even password review.


Comments are closed.