Cyber Risk – The New Norm
•Download as PPTX, PDF•
1 like•419 views
The Tech Revolution and Cybersecurity: A tumultuous relationship? With evolving applications of technology within the asset management industry, data protection remains top of mind. While many large and tech-savvy asset managers are employing advanced cybersecurity protections, many smaller firms are also adopting a new norm, hoping to demonstrate a true commitment to data protection. Do you have an end-to-end view of your total IT and data flow environment? Hear from information security experts on how asset managers can keep risk assessments current and follow best practices to help safeguard the industry from cyber threats. Fund companies and professional service firms will benefit from this informative webinar, addressing issues such as: - The evolving public policy landscape - Shifts in IT security priorities - Roadmap for remaining cyber-ready
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Similar to Cyber Risk – The New Norm
Similar to Cyber Risk – The New Norm (20)
More from NICSA
More from NICSA (20)
Recently uploaded
Recently uploaded (20)
Cyber Risk – The New Norm
- 1. SPONSORED BY: Cyber Risk: The New Norm Wednesday, May 10, 2017
- 2. SPONSORED BY: MODERATOR: PANELISTS: David Jordan Chief Information Security Officer Invesco Keith Hale CEO, Multifonds Michael Anaya Supervisory Special Agent and Cyber PCOR FBI Atlanta
- 3. The Current Cyber Landscape Increased Risk Social engineering Infrastructure weakness Increasing interconnectivity of financial ecosystem Lack of industry collaboration Rapid pace of technological advancements Increasing digitalization Evolving Public Policy NY DFS FRB, OCC, FDIC CFTC FinCEN FINRA GDPR PSD II
- 4. Evolving Roles: CISO, FBI Expanding Roles: Protect: shield and defend Monitor: hunt and detect Govern: comply and educate Respond: recover and sustain Advise: manage risk and report TECHNOLOGY EXPERTS | RISK ADVISORS Three Tenets: C:“Confidentiality”; Who has access to what? I: “Integrity”; Is the data correct? A: “Availability”’ Is access enabled when it’s needed?
- 5. Risk Assessment: A Shift in IT Security Priorities Networks Hardware Software mobile applications | artificial intelligence | robotics | blockchain | cloud solutions
- 6. Anatomy of a Breach Intrusion Lifecycle Initial recon Initial compromise Establish foothold Escalate privileges Internal recon Move laterally Maintain presence Complete mission Investigative Actions Financial loss Logs Evidence Subject matter expertise Inquiries US Court Systems & the FBI
- 7. Polling Question Do You Feel “CYBER-READY?” a) Yes b) No
- 8. SPONSORED BY: CLARITY Identify roles from top down Define responsibilities from C-level to junior employees FITNESS Constantly reassess internal and third-party security capabilities Upgrade/transform existing systems READINESS Achieve situational awareness Know the current landscape (traditional v. new threats) Create response team Take a proactive stance Firm Preparedness: What Should My Firm be Doing?
Editor's Notes
- Moderator: Welcome to another NICSA Webinar Wednesday. Today, we will be talking about current trends in cyber threats facing the asset management industry and what businesses can and should be doing to safeguard client data and other sensitive information—and we’ll be doing this through two unique lenses: from that of a Chief Information Security Officer of a leading global asset manager, and an FBI cyber expert. We’d like to thank ALFI, The Association of the Luxembourg Fund Industry – an organization with a long-standing partnership with NICSA – for sponsoring today’s event. [Introduction of self, brief bio] [SPEAKING TIME: 2 minutes]
- To begin, I would like to take a few minutes to cover our objectives and introduce our panel. In this webinar participants will: Understand the current cyber risk landscape Gain insight into how CISOs are assessing risk and prioritizing IT spend Examine best practices related to governance and risk management processes Introduction of panel, BIOS below: David A. Jordan is the Chief Information Security Officer for Invesco. David’s primary responsibility is for the strategic design and implementation of Invesco’s Information Security and Business Recovery Services. David’s been with Invesco since 1998 and previously worked for the Management Consulting Services practice of Price Waterhouse, and the British Ministry of Defense in London. He is a Certified Information Systems Auditor and a Certified Information Security Manager. We also have Michael Anaya, a Supervisory Special Agent with the FBI’s Atlanta Field Office’s Cyber Squad. Cybercrime takes on many forms, and it is the FBI's role in the cyber landscape to address all forms of this persistent threat. Michal has conducted work as a lead Agent on several complex cyber cases and has a breadth of knowledge (spanning 12 years) in various other investigations involving program fraud, extortion, terrorism, fugitive apprehension, and counterintelligence. [Speaking time: 3 minutes]
- Question 1: Let’s begin with a “state of the union,” if you will, of the current cybersecurity environment. What are the biggest cyber risks for the asset management industry today and how has this changed over the last few years? [FBI] – Overall view of the environment; biggest cyber threats for financial institutions [CISO] – Real world examples of security breaches (Swift Network, Bangladesh hack) Question 2: It’s been a busy year for global financial institutions as they’ve tried to keep up with cyber standards. We’ve seen regulations emerge from several regulatory bodies – with a keen focus on upping the ante on cyber risk management. While all of these standards are a positive for the industry, many firms -- here and abroad -- are struggling to reconcile the guidance from the various sources. Which regulations are top of mind for asset management executives? [CISO] – What CISOs are watching (in terms of regulations); impact to businesses; touch on vendor risk management, and incident response [FBI] – Frameworks that are trying to be established; incentives to disclose breaches Question 3: Where do you see it going from here (in terms of regulations/cyber spend/risks)? What do you think is on the horizon? [CISO] – Outlook on cybersecurity scope/scale [FBI] – Outlook on risks [Speaking time: 11 minutes]
- Question 4: Let’s dig a little deeper into the business implications. How are business models changing in asset management? What is the “new normal”? [CISO] – Define “new normal” – what asset managers should be doing; “must haves” in today’s environment. Question 5: David, can you give us your take on how the role of Chief Information Officer has evolved over the past 5 to ten years? And what do you think CEOs and boards need to know about cybersecurity? [CISO] – Overview of evolution of CISO. Question 6: Michael, how has the role of the FBI changed in terms of its direct interaction with CEOs and boards? [FBI] – CEOs and boards need to know threats/understand the landscape [Speaking time: 11 minutes]
- Question 7: With constant innovation in fin tech – from mobile applications, to artificial intelligence and blockchain technology – how have the security priorities changed? How do firms keep pace with technological advancements while at the same time increasing their data security processes and procedures? [CISO] – Tech should be lockstep with security; importance of risk impact analyses [Moderator] – RFPs, number of security questions rising Question 8: Given the acceleration of technology and increased scrutiny on governance over data security, where are firms making investments and why? What are big tech-savvy firms doing, and what should smaller firms with limited resources be doing? [CISO] – Increased efforts in intelligence gathering [Speaking time: 9 minutes]
- Question 9: So, what happens if there is a breach? What is reportable, what’s not? How does the FBI work in relation with the US court system? [FBI] – Thresholds for “reportability”; when servers are ceased/businesses shut down; Overview of FBI and US court system (and how investigations may be impacted) [Speaking time: 5 minutes]
- Question 9: So, what happens if there is a breach? What is reportable, what’s not? How does the FBI work in relation with the US court system? [FBI] – Thresholds for “reportability”; when servers are ceased/businesses shut down; Overview of FBI and US court system (and how investigations may be impacted) [Speaking time: 5 minutes]
- Question 10: We have discussed the policy landscape, the emerging risks to businesses, and the evolving role of technology professionals within the asset management industry. Reflecting on all of these themes, let’s end with a synopsis of the most important things that firms can be doing today to safeguard data and protect against security breaches. [FBI] –Get to know local FBI; proactively plan for a breach; review of functions as set forth by NIST: Identify, Protect, Detect, Respond, and Recover. [CISO] – How CISCO is managing cyber policies/cyber spend trends [SPEAKING TIME: 9 minutes]
- Moderator: I’d like to thank our panelists for such a thorough examination of these evolving issues. We’re going to open the line for Q&A at this time… [Filler questions: Can you talk a bit about the convergence of cyber and physical security under a single header? In terms of reporting lines, who should “cyber” report to? How would a company work with the FBI? What type of information is requested if there is a breach?] [SPEAKING TIME: 10 minutes]
- Moderator: I’d like to thank our panelists for such a thorough examination of these evolving issues. We’re going to open the line for Q&A at this time… [Filler questions: Can you talk a bit about the convergence of cyber and physical security under a single header? In terms of reporting lines, who should “cyber” report to? How would a company work with the FBI? What type of information is requested if there is a breach?] [SPEAKING TIME: 10 minutes]