A Community of Defense


Once upon a time, cyberspace was comprised of hackers who were considered computer whiz kids working out of the basements of their parents’ homes: lovers of technology who were not necessarily looking to harm the systems they explored.

But those days are long gone.

Today our digital neighborhoods are rife with profit-seeking pirates, criminals, and multilevel crime syndicates, as well as nation states looking to defend national sovereignty, project national power, and gain an economic advantage. Attacks are increasingly elusive and widespread, making for a fast-changing and complex landscape.

No sector, no company, no individual is immune. Not surprisingly, cyberattacks are becoming the top national security threat according to the FBI, with threats to financial firms on the upswing.

As cybercriminals become increasingly sophisticated and agile, our methods for defending against cyberattacks must expand beyond our own four walls. It requires that we all work together as a community of defense.

“Cybersecurity – Building a Community of Defense” was the theme of a panel I hosted recently prior to the Investment Company Institute (ICI) Mutual Fund General Membership Meeting. Joining me were Joshua Larocca, Vice President, Stroz Friedberg; Simon Moorhead, Chief Information Officer, IFDS; and Mark Morrison, SVP & Chief Information Security Officer, State Street Corporation. We discussed the landscape, emerging threats, and prevention. Some takeaways from our discussion:

  • You gain no competitive advantage by keeping cyberthreats to yourself. The Financial Services Information Sharing and Analysis Center (FS-ISAC) is one example of an organization being leveraged by a number of financial services companies. A well-informed and active community of defense is now being endorsed by regulators and law enforcement as well.
  • An agile defense is the best defense. Seventy percent of all breaches are the result of exploiting a known problem (Adobe and Java are among the most targeted applications).
  • There is no such thing as a secure password. Passwords of fewer than 14 characters can take a hacker less than an hour to crack. In the future, registering your device certificates and using a “Chip and PIN” approach will be the norm.
  • See something, say something. Getting people to recognize threats is the key to prevention. Organizations should look to increase employee training and engagement.
  • Most experts agree that it’s not a matter of if your firm will be attacked but when. Therefore, we’re beginning to see information security programs shift toward being better prepared to react when the inevitable happens, contain the damage, and restore normal operations.
  • Don’t wait until game day. Organizations need to have plans in place and practice them before an incident occurs.

At Boston Financial, we’ve been fortunate and haven’t experienced a security breach. This can be attributed to our layered security approach, supporting a “Defense in Depth” strategy to mitigate known or potential security risks (along with some good luck).

Likewise, our senior management is also highly invested in our Information Security Program, reviewing and approving policies annually. And we have ongoing information security training for our associates, helping foster a culture of awareness and prevention in the organization.

But we’re not naïve. We know, like any firm today, we’re susceptible. And although we have an Incident Management/Response Plan in place that includes internal teams such as Legal, Compliance, Technology, Client Relations, as well as external entities such as Law Enforcement, Regulatory and our Customer Executives, we have to continue to be diligent in our testing.

At Boston Financial, we embrace the community of defense approach. We believe we will all be safer if we share information on cybersecurity and adopt a “Neighborhood Watch” type approach. Cybercriminals may be getting more creative, but we believe all of us are smarter than any one of us. Is your firm part of the community of defense?

Mike Rizzo

Mike joined Boston Financial in November 2000 and is responsible for the Global Information Technology Strategy for the International Financial Data Services (IFDS) and Boston Financial entities and the Business and Technology Services team at Boston Financial. He has over 30 years of domestic and international experience in the technology field, with an extensive background in managing technical environments, people, and projects. Prior to joining Boston Financial, he was the group information officer for the U.S. Mutual Funds Group at Scudder Kemper Investments in Boston. Mike’s experience also includes four years as a Technology Management consultant at Coopers & Lybrand on assignments across the U.S. and in South America, and 13 years at Electronic Data Systems (EDS), developing solutions at various U.S. and European locations. Mike holds a Bachelor of Science degree in business administration from the University of Massachusetts Dartmouth and a certificate from the MIT Sloan School Executive Development Program.
