当我们进入新的十年, we stand reminded that technological innovation and cybersecurity threats continue to develop and evolve at an incredible pace. Firms must therefore continue to build the proper defenses to protect consumer confidential data and financial market integrity. Cyber threats have become one of the top threats to vnsr威尼斯城官网登入业 and the ability of firms to be resilient in the face of these threats is paramount.
But where exactly does the industry currently stand in regard to the resources dedicated to cybersecurity safeguards and resilience activities? 一项由 Gartner, 世界领先的研究和咨询公司之一, reported that worldwide spending on information security products and services in 2017 tallied USD 101 billion and predicted that figure would increase to USD 124 billion heading into this year.
同时, 云计算等新技术解决方案, 分布式账本技术, 和人工智能(AI), continue to transform the way vnsr威尼斯城官网登入业 operates. We must understand the different risks that new technologies can introduce and how the assessments of these risks require a keen understanding of the technology and the risks inherent with how the technology is implemented. 存白皮书, DLT网络的安全性, provides examples of risks that should be considered when using this emerging technology. 随着企业不断创新, they also need to consider and address the risks that come with technology’s use.
不断变化的威胁形势的影响
的 存系统性风险指标调查, 2013年首次推出, serves as a semi-annual reflection on existing and emerging risks that have the potential to impact the safety, 全球金融体系的弹性和稳定性. 的 latest edition found that 63% of survey respondents ranked cybersecurity threats within the top five risks to the global financial industry while 22% cited it as the top risk. 记住这一点, it is clear that the industry continues to see cybersecurity threats as one of the most pressing concerns.
Financial firms are not alone in understanding cybersecurity threats; global policymakers have also taken note. 金融稳定委员会, an international standards-setting body that makes recommendations on the global financial system, issued a 2017 report that found that 72% of its jurisdictions were planning to provide additional cybersecurity guidance within the year. It is clear that an attack on one or more institutions can have a domino effect across the financial sector, therefore policymakers and regulators are working to provide principles and guidance to promote best practices to manage these risks. 然而,仅仅保护机构是不够的. 随着企业继续在自身运营中建立弹性, cyber threat actors shift and focus their efforts on third- and fourth-party vendors as a means to gain access to financial data. 结果是, vnsr威尼斯城官网登入业, 监事, and standards-setting bodies must continue to be vigilant in addressing these risks and promoting third-party resilience.
行动方针
的re are several strategies that firms can take to mitigate cybersecurity risk. Although these preventative actions can help minimize many threats, it is of utmost importance for firms to know how to respond and recover from a cyberattack when it does strike. Firms should understand and identify single points of failure in the business services provided by the organization. 在此基础上,公司可以做以下事情:
1. Develop recovery strategies that will allow for the full or partial recovery of the organization’s business services. 接下来,重要的是
2. Understand the controls that are or will be in place to mitigate risks to the organization’s business services. 最后,公司必须这样做
3. Test these controls and the associated recovery strategies through tabletop exercises and systems testing to address any gaps and ensure preparedness.
通过执行这些任务, financial institutions will be better positioned to understand their operational risks and can develop responses that decrease the operational friction when an attack occurs.
展望未来
Firms must continue to evolve their cybersecurity and cyber resilience practices while considering their individual firm and their potential impact on the financial ecosystem. Firms must balance their resources between innovation- and revenue-generating channels and those used to respond and recover from malicious cyber activity. Firms must also understand the risk and resilience capabilities of its third- and fourth-party vendors and the potential impact these organizations may have on an organization’s services. 最后, firms must engage with other sector participants to provide and develop sector-wide solutions and responses in the face of an attack against the industry. 随着我们继续优先考虑这些领域, we will continue to boost the industry’s ability to protect against attacks and recover quickly, 如果发生的话.
本文最初发表于 安全杂志 2020年5月7日.