Cyber-attacks against the financial services industry have become more frequent, more sophisticated, and more damaging than just a year ago. If history is our guide these attacks will only increase in the future.
In light of the recent pandemic, remote work and entities moving more and more towards digitizing their offerings the threat vectors have increased in number and the attackers have improved their techniques in phishing, spear phishing and all other forms of social engineering.
If that weren’t enough of a challenge, the financial services industry has been the focus of unprecedented scrutiny by both state and international regulatory bodies as a number of new government regulations and industry mandates have been introduced. These regulations and mandates aim to ensure that companies in Financial Services are either providing increased protection to customer information or are decreasing their operational and business risk through better internal controls and risk management. As a result, there has been a significant increase in demand for solutions that improve customer privacy, data reliability, integrity, and security.
— vmware news
Recently the Securities and Exchange Commission (SEC) proposed amendments to its rules to enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance, and incident reporting by public companies. The proposed amendments would require, current reporting about material cybersecurity incidents and periodic reporting to provide updates about previously reported cybersecurity incidents. The proposal also would require periodic reporting about a registrant’s policies and procedures to identify and manage cybersecurity risks; the registrant’s board of directors’ oversight of cybersecurity risk; and management’s role and expertise in assessing and managing cybersecurity risk and implementing cybersecurity policies and procedures. The proposal further would require annual reporting or certain proxy disclosure about the board of directors’ cybersecurity expertise, if any.
Risk management, governance and compliance frameworks developed by the SEC, NIST, PCI, ISO, GLBA, and the FFIEC all provide guidance in managing risk and identifying security gaps. While they provide the guidance, often times the challenge is finding the right skilled personnel to implement these requirements.
TBG Security has been helping financial institutions meet these challenges over the last 20 years. As a trusted advisor in the financial services industry we have a number of services from supplying Virtual CISO services, regulatory assessment services to in depth security analysis of your current infrastructure security posture thru penetration testing and social engineering or red team services.