Establishing an Effective Cyber Security Program for Your Business
As threats continue to mount, understanding and managing cyber security risks has become top of mind for leaders in business and government. Cyber security is widely considered to be one of the greatest challenges facing the financial services industry. At Northern Trust, we work diligently to continuously monitor the global landscape and identify, protect against, and respond to new threats. While experts agree there is no foolproof solution, below are some high-level principles for operating in the 21st century cyber threat environment.
Globally, we are in a state of heightened cyber alert.
According to the Federal Trade Commission, business executives often ask how to manage confidential information. Experts agree on the key first step: Start with security. Factor it into the decision-making in every department of your business — such as personnel, sales, accounting, and information technology.
START WITH A STRONG FOUNDATION
All cyber security programs must begin with a strong governance foundation — policies, standards, procedures and commitment from senior management are crucial building blocks for protecting data. In addition, performing a comprehensive analysis of the most critical information in your organization will provide transparency into the high-risk areas where the majority of your funds and attention should be directed. To gain a picture of the maturity levels of your program, assess your company’s cyber readiness against regulatory guidelines and industry benchmarks or frameworks that are specific to your industry.
Common Tips from Top Security Experts
- Assess your ability to identify and defend against threats that make it past your defenses; it’s only a matter of time before they
- Hire an independent third-party consulting firm to measure your cyber maturity levels against both an industry-established and trusted framework and relative to your
- Develop, insource or outsource operational capabilities for detecting threats that make it past your defenses, and empower that team with appropriate response capabilities.
- Test your systems, applications, and security controls. Hire third-party information security compliance firms to identify hidden security weaknesses and potential vulnerabilities in order for them to be addressed and mitigated before they can be exploited by cyber
- Develop, document and test cross-functional incident response
- Take advantage of intelligence-sharing opportunities with peers, vendors, law enforcement, and industry
Consider the Use of Big Data for Security Analytics
- Develop an understanding of your systems and environment in a “trusted” state, then monitor for changes or anomalies from that
- Produce appropriate security logs across the spectrum of your environments and ingest them into a big data analytics
- Enrich the data with information that will help provide context to your analytic environment, such as identity and access information about your staff and vulnerability information from system and network
- Further enrich your analytic environment with strategic and tactical intelligence from vendors, peers, and industry affiliations. Explore visualization software to help refine security alerts into a more manageable
To learn more contact your Northern Trust representative, or visit www.northerntrust.com/securitycenter
© 2019, Northern Trust Corporation.