Twitter: @mattbuller
Compute elasticity gives financial services firms a competitive advantage, period.
From investment banks to hedge funds, and DMA (Direct Market Access) to HFT (High Frequency Trading), the complex algorithms that power nanosecond calculations and transactions drive competitive advantage and market success. This is known. It’s why these firms invest billions of dollars in elastic, scalable infrastructure – from vertical compute in data centers for prime brokerage, to spinning up VMs (virtual machines) in a cloud to run a Monte Carlo simulation on a new instrument. However, the new world of compute, network, and storage presents significant cybersecurity challenges. Technology is no longer just inside the firms’ buildings.
At the same time, financial services faces a barrage of security and compliance issues that, quite frankly, slow them down. Mounting regulations and compliance now bleed from economic policy to technology policy. Think MiFID II, GDPR, SWIFT CSP, FFIEC, NYDFS¹ and so forth. As mentioned in the Accenture financial security study, cyberattacks cost financial services firms more to address and contain than in any other industry.²
- The average number of breaches per company has more than tripled over the past five years, from 40 in 2012 to 125 in 2017.
- The average annualized cost of cybercrime for financial services companies globally has increased by more than 40 percent over the past three years—from $12.97 million per firm in 2014 to $18.28 million in 2017. This number is significantly higher than the average cost of $11.7 million per company across all industries included in the study.
- Just in one year (2016 to 2017), spending on security breaches was up almost 10 percent.
Risk management now factors into the cybersecurity landscape and even VaR (Value at Risk) is arguably evolving as a result. The real question executive teams and their boards ask is, “How do we successfully mesh security and compliance with our dynamic use of massive compute?” It’s essentially a wood-for-the-trees argument; cybersecurity solutions have been point-focused (trees) largely due to the complexity and growth of this technology domain. But, seeing the “wood” is about visibility and the extent of the problem.
More often than not, security and IT teams piece together disparate security solutions from multiple vendors that may address specific problems but don’t communicate or interact with one another and don’t provide full coverage as the infrastructure expands to the cloud, virtualization and mobile. Many also don’t help ease the compliance burden. As a result, executives in the financial sector are often unsure about exactly where to direct their resources to meet these conflicting needs.
Financial services companies have been embracing the notion that security can be a business enabler that safeguards vital data and transactions, minimizes disruption and downtime and streamlines compliance while supporting the need for speed, agility, scalability and change.
How can security and the need for speed work together in parallel? As a starting point, financial services firms must address these foundational questions governing cybersecurity posture and risk:
- Precisely what devices are on the networks – from campus to cloud, wired to wireless – at any moment in time?
- How are these devices connecting and communicating – where are they?
- Does the firm have a visibility foundation, not reliant on agents or owned devices, that gives the knowledge to direct the firm’s resources?
These questions can best be answered by a new mindset that embraces the full extent of cybersecurity:
- Absolute knowledge and visibility of all compute, network, storage and mobility assets.
- Effective integration of security tools to enable threat intelligence sharing, accelerated response and streamlined management via a single dashboard rather than divergent, incompatible management platforms.
- Truly scalable security that accommodates the constant shift in connections among assets and applications that typically number in high millions and often billions.
- Advanced management capabilities, such as classification, labeling and tagging, that can easily scale and facilitate inventory and tracking of assets, especially business-critical ones.
- Non-disruptive security technologies, like agentless and out-of-band deployment, plus passive techniques, to facilitate business continuity in 24x7x365 markets.
- Full adoption of automation and transformation for measurable return on investment, ensuring response to threats is swift and coordinated within accurate context.
These six extents of cybersecurity help frame how security can enable the elastic demand for technology whilst supporting the firm’s businesses.
1 Markets in Financial Instruments Directive (2004/39/EC) (MiFID II), General Data Protection Regulation (GDPR), SWIFT Customer Security Programme (CSP), Federal Financial Institutions Examination Council (FFIEC), New York Department of Financial Services (NYDFS)
2 https://financeandriskblog.accenture.com/cyber-risk/cyber-crime-in-financial-services-the-big-picture