Recently the headlines have been dominated by one external IT security breach after another – data, money and IDs stolen. Given the size and scale of the attacks, no business can now ignore the fact that everyone is exposed. Indeed, such is the threat to a country's critical infrastructure that Governments are now getting directly involved, with both the UK and US having recently issued cyber security guidance. The UK has released guidance via its Government Communications Headquarters (GCHQ/CESG) and the US via its National Institute of Standards and Technology (NIST), on a framework to help firms "understand, communicate and manage their cyber risks", according to the NIST report. This has firmly positioned the need to have a Cyber Security posture/capability at Board level and, as the CESG report says, "Put Cyber Security on the agenda, before it becomes the agenda".
Whilst there has been much talk about whether or not the current voluntary status of the guidance should be made compulsory, the initiatives are nevertheless welcomed by the team at Ballintrae. Our own financial services clients have broadly adopted a lot of the guidance; however, there are always areas for improvement. In fact, both documents have been produced as 'living' documents to ensure that they evolve just as the threats do on a daily basis. Industry at large will also, hopefully, benefit and learn from the thinking around security and thought leadership taken by the majority of the major companies.
Whilst both documents are very useful in helping to structure a Cyber Security policy within an organisation, there are a multitude of areas to consider so that a given organisation can ensure it has robust cyber security protection. Key areas to look at include: Identify, Protect, Detect, Respond & Recover. The report states, "Be a hard target – learn from others".
Ballintrae adopted this approach some time ago and it is the reason behind our IT Security Forum. Our quarterly events are attended by key IT Security representatives from Tier 1 global Investment & retail banks, along with a wide range of other financial services organisations, where members collectively share knowledge, approaches and key solutions.
In short, we're better together!