Cyber security still a concern for financial sector

Cyber security is still a concern for the financial sector, says new research [Image: da-kuk via iStock]

Cyber security is still a top concern for financial institutions around the world, according to the the Financial Services Information Sharing and Analysis Center (FS-ISAC).

In its 2018 CISO Cybersecurity Trends, the FS-ISAC found that chief information security officers (CISOs) think employee training is a top priority for improving security in the financial sector, with 35 per cent of those surveyed reporting this to be the case.

Meanwhile, infrastructure upgrades and network defense are a priority for 25 per cent of CISOs, and breach prevention is a top concern for 17 per cent of those surveyed.

The research found that CISOs who report to a technical function like chief information officer prioritise infrastructure upgrades, network defence and breach prevention. Those CISOs reporting to a non-technical function like the chief operations officer or the general counsel prioritise employee training.

According to the FS-ISAC, although “cyber security used to be handled in the server room, it is now a board room topic”. Its new research found that quarterly reports to the board of directors were most common (53 per cent), with some CISOs (eight per cent) reporting more than four times a year – or even on a monthly basis.

The company added that in the current era of “increasing security threats and vulnerabilities, CISOs know that keeping top leadership and boards updated regularly on these security risks and effective defences is a top priority”.

Following on from its research, the FS-ISAC has recommended that training employees should be prioritised for all CISOs, regardless of reporting structure because employees serve as the first line of defence.

It also recommended that employee training should include awareness about downloading and executing unknown applications on company assets. It should also focus on training employees on how to report suspicious emails and attachments in accordance with corporate policies and relevant regulations.