A survey carried out by the FCA in 2018 highlighted areas in cyber security resilience in which financial services organisations need to focus.
Based on the evolving and increasing threat of cyber-attacks, the FCA conducted a survey in 2018 of 296 financial services firms including hedge funds. The survey focused on their resilience to deal with cybersecurity threats, governance, delivery of change management, managing third-party risks and effective cyber defences.
Firms surveyed varied between small, medium and large organisations operating within the sector. Based on the findings, most firms ranked cyber resilience as their top concern. These firms highlighted weaknesses in the following three areas: –
- People – identifying and managing their high-risk employees and educating them on cybersecurity awareness. These high-risk employees tend to have access to essential systems or sensitive data posing a greater risk to the firm. For example, a favoured tactic commonly used by cyber-attackers is to target the PA of an Executive and impersonate the Executive into tricking the PA to action a request. This could be sending a file, initiating a money transfer or providing access to a system. This is typically known as spear phishing and is a common attack used by cyber-criminals.
- Third-party management – ensuring third-parties that underpin part of the IT infrastructure remain resilient to the advancing threats and that system downtime is kept to a minimum as well as understanding what information they hold.
- Protecting critical assets – understanding and knowing where data is stored, and who has access to it. Without restricting systems and information, it becomes difficult to identify the source of the leak, and understanding the scale of hacks can be difficult.
The results highlight where additional weaknesses lay, and where focus and attention need to be applied to remain resilient against the growing threat of cyber-attack. Some of these reported statistics include: –
- 80% of respondents struggle to maintain a holistic view of what information they and of their third parties hold which could be at risk.
- Between October 2017 and September 2018, 18% of incidents reported to the FCA were operational incidents, further demonstrating the need to educate staff consistently.
- Failed IT changes caused 20% of the operational incidents reported to the FCA between October 2017 and September 2018.
- Third party issues, such as an IT failure at a vital supplier, accounted for 15% of the operational incidents reported to the FCA, validating the need to select an IT partner who has appropriate accreditations in place, such as ISO27001:2013.
Find weaknesses in your IT infrastructure
We’ve prepared a gap analysis for organisations to identify potential weaknesses inline with the 7 areas outlined in the FCA Cyber and Technology Resilience Survey.
As a professional IT services provider with over 30 years experience, we have developed strong relationships with financial organisations, and we underpin their mission-critical systems with 24/7 proactive monitoring and support. To find out more about our suite of IT services, and how we can help keep you up and running, contact us.