Financial Services

Assessing how financial services firms manage their cyber security: helping to identify and mitigate relevant risks efficiently, and improving the capability to respond to and recover from incidents.

Overview

Cyber risks pose a constant threat to financial services. Financial services businesses are constantly investing in defences to protect the vast amounts of data they hold and to guard against reputational, regulatory and/or legal implications.

Private equity firms, hedge funds and wealth management firms require constant checks on their controls to ensure a minimal attack surface. Financial sector businesses store and process sensitive information such as bank accounts, personal details, futures and investment details, clients' data, proprietary products, tools, algorithms and trading information. All this information is at risk at all times from both external and internal threat actors.

Challenges

Cybersecurity threats occur on a daily basis. Effective cyber security reduces the risk of cyber attacks and protects against the unauthorised exploitation of systems, networks and technologies.

Technological advances have made banking faster and more innovative by improving products for consumers. As with financial risk management, technical risk management plays a key role in avoiding major disasters. If systems are not kept secure, or monitored and acted upon, a cyber security attack can bring business operations to a complete stop in no time. There is a wealth of information online detailing how data breaches damage reputations and lead to fines from authorities such as the ICO. Most businesses in this sector highlight cyber weaknesses in the following three areas: people, third-party management and protecting their assets.

The following are major findings from a multi-firm review the FCA conducted on wholesale banks and asset management around the end of last year. Most of the firms reviewed relied on risk and controls assessment (RCA) without carrying out in-depth technical exercises to assess the accuracy, scale and nature of risks. The main findings raised valid questions around the following challenges:

  • How well is Board and Senior Management decision making impacted by their understanding of the cyber risk profile?

  • Are firms taking a proactive approach towards cyber security to ensure it's an organisation-wide priority?

  • How effective is the second line (CISO, CXOs) in identifying and managing cyber risks?

  • Have firms drawn connections between cyber and conduct risk?

Are you prepared?

What systems and controls are in place to mitigate against supply chain attacks?

A supply chain is a chain of dependencies in goods or services. Supply chain compromise is the manipulation of products or product delivery mechanisms prior to receipt by a final consumer for the purpose of data or system compromise. A supply chain can be compromised in various ways, for example, through the exploitation of third-party data stores or software providers.

How do you process and store personal data of your clients?

The loss of client information can have a devastating impact on a sector that has confidentiality at the heart of its business. Firms storing sensitive information, third-party data and transactional records are likely to be at a higher risk of data breach than a local high street firm. It goes without saying that secure information storage and processing practices help minimise the attack surface.

What systems and controls are in place to decrease insider threats?

Insider threats are counted amongst the most significant cyber risks in the financial services sector. Businesses tackling this issue regularly validate their controls around logical access, spear-phishing and threat intelligence, and carry out regular penetration testing. In addition to technical controls, staff awareness and understanding through training help build a security-conscious culture.

Are you evaluating product security before deployment at scale?

Gone are the days when senior management could sign contracts to buy new products after a quick sales demo. Nowadays buyers need to be aware of the connections between the cyber profile of their organisation and the product offerings. What matters is how these products stack up in your environment; more products mean added data complexities, leading to potential risks. Even in mature security teams, technical evaluation of new security products to be purchased is missing from the decision-making process. We perform technical product evaluations to help you make more informed decisions on which products are better suited to your environment.

Are there any technical assurances sought after risk and control self-assessment (RCSA)?

Businesses often perform a risk and control self-assessment (RCSA) to identify information security risks. FCA reviews have outlined how a lack of cyber expertise among risk and compliance professionals is a challenge. An accurate risk assessment of an asset starts with a technical risk assessment that provides the ground reality, supported by data as proof.

Sector Experience

This section refers to specific project-based experience in this sector. These projects were conducted at retail and investment banks, private equity firms, wealth management institutions, M&A due diligence and Tier 2 businesses.

Key benefits

✔ High Risk Platforms – FIX, Futures Trading Applications, Gateways, Investment Banking products, Mobile and Corporate Banking Solutions

✔ Connect Direct, Message Queuing, and Back-end Infrastructure Assessments

✔ Regulatory Requirements i.e. Banking Associations of Singapore, FCA, PCI DSS

✔ Estate wide SAP Implementation Security Reviews

✔ Smart Card Authentication Device Assessment

✔ Big Data Security Assessments

✔ BTP (Banking Transformation Programme) Security Reviews

Resources

Financial services top cyber attack target

31/07/2019

Financial services are among the most attractive targets for cyber attackers, security researchers reveal, with phishing and credential stuffing among the top threats. A broad range of cyber threats are facing the global finance industry, which represents a one-stop shop for attackers.

UK finance cyber incidents spike by 1,000%

22/07/2019

Britain’s financial industry suffered a 1,000% increase in cyber-related events in 2018, including more targeted hack attacks, a cyber security specialist has revealed. Nearly half of firms do not upgrade or retire old IT systems in time.