“No organization can protect the data that it can’t see, so solutions that provide data visibility and control become an essential investment. They also require capabilities to enable real-time policy and adaptive security enforcement,” says Kate Bolseth, CEO, HelpSystems, in an exclusive interview with ITSecurityWire.
ITSW Bureau: What steps can FS firms take to secure their remote workforce in the emergence of cyber-attacks?
Kate Bolseth: To say that the increase in the remote workforce as a result of COVID-19 has greatly impacted Financial Services (FS) is a major understatement, especially with many home workers lacking the usual office-based security measures, such as web gateway security and intrusion detection/prevention systems. HelpSystems’ recent research with CISOs in FS firms revealed that securing the remote workforce has become a main cybersecurity objective for 42% of respondents, while almost half have already increased investment in secure collaboration tools.
Such steps are essential, given that 45% of FS firms have reported an increase in cyber-attacks since the COVID-19 pandemic first emerged. Even when things eventually settle down, many FS firms are predicted to continually deploy with remote working much more than they did before COVID-19, so protecting remote workers will continue to be vital.
FS firms, therefore, need to speed up their innovation as well as the deployment of effective data protection and threat mitigation strategies. This includes partnering with the right technology vendors and ensuring that staff is leveraging them.
Addressing cybersecurity should always cover the combination of people, processes and technology. Also, the pandemic has given FS firms the chance to re-evaluate where they are with all three.
With most employees working from home, there have been rapid training exercises taking place to reinforce cybersecurity best practices and also the processes to follow should an employee think they have been the victim of a cyber-attack.
ITSW Bureau: Where should FS firms invest their cybersecurity funds to receive a higher ROI?
Kate Bolseth: 92% of FS organizations have increased their cybersecurity investment over the previous 12 months, 26% significantly so. But this investment needs to demonstrate effectiveness and ROI, and ROI in cybersecurity is dependent on many factors.
Selecting the right technology provider is obviously important. HelpSystems’ research revealed that several FS firms have multiple cybersecurity tools, most likely as a result of implementing point solutions instead of choosing an integrated provider. 78% of FS CISOs believe that their organization has too many cybersecurity tools currently in use, and 65% confessed that many of the cybersecurity tools currently in use do not integrate well with other tools.
In addition to issues around integration and compatibility, multiple providers also make it harder to realize ROI. Hence, it would be advisable for FS firms to look at vendor consolidation when reviewing cybersecurity.
ROI also depends on what that organization is trying to achieve. The three cybersecurity fields that FS firms should focus most of their investments on in the next 12 months are secure file transfer, protecting the remote workforce and networking. Directly or indirectly, all of them are concerned with managing and securing a remote workforce. Therefore, putting in KPIs around the number of employees working securely from home and/or the number of incidents would be a right way of measuring and subsequently improving ROI.
ITSW Bureau: How can FS firms secure their infrastructure to protect against cybersecurity threats while meeting the regulatory demands in a constantly changing business environment?
Kate Bolseth: FS firms are not just responsible for looking after their customers’ money; they are also trusted with keeping those customers’ highly sensitive personal and financial data secure. The finance sector faces strict regulation over data privacy, which adds a further layer of complexity to cybersecurity.
Banks must comply with regulations such as the Payment Card Industry Data Security Standard (PCI DSS) and privacy legislation such as the GDPR and CCPA, and they must do so in increasingly challenging COVID-19 conditions.
Individuals are more aware of the growing value of their data and the need to protect it, but unfortunately, cyber-criminals are aware of it too. This means FS organizations are prime targets for data hacks. Data visibility was cited as the biggest security weakness by around half of respondents so it must be addressed effectively.
No organization can protect the data that it can’t see, so solutions that provide data visibility and control become an essential investment. They also require capabilities to enable real-time policy and adaptive security enforcement. Not just that, the FS firms also need to enable violation breach analysis to identify loss of personal data, sources and exposure required for notifications.
Cybersecurity is a delicate balancing act. Policies that are too restrictive will have a negative impact on productivity and generate too many false positives. Policies that don’t go far enough open the organization up to unacceptable levels of risk. Solutions that can adapt and apply the necessary levels of inspection and sanitization, such as removing personal data before it is shared, allow digital activity to continue without disrupting the business and keep the organization compliant.
ITSW Bureau: What long-term cybersecurity goals should FS firms focus on?
Kate Bolseth: It’s been a hugely demanding year for FS firms and cybersecurity. It’s a challenging environment at the best of times, trying to defend against the increasing sophistication and professionalism of cyber-criminals. But when you factor in the cybersecurity challenges brought about by COVID-19, then IT leaders can really see the scale of the task in hand.
But FS firms also need to look to the future. The day-to-day cybersecurity is important, but perhaps even more so is ensuring that the organization is prepared for whatever cybersecurity challenges it might be facing in the future.
HelpSystems’ research showed that almost half of FS CISOs believe that COVID-19 has accelerated changes that were already in discussions, such as moving to Microsoft 365. Such projects – the smooth and seamless transition to the cloud without impacting data security – should certainly be a goal for any FS firm over the next few years, with remote working likely to continue even when there is a vaccine for COVID-19.
Addressing digital transformation should also be a key goal. As firms increasingly transform their business operations to better reflect the digital world inhabited by customers, partners and more, cybersecurity too needs to adapt, manage and minimize any risk that comes from digitalization.
Kate Bolseth is Chief Executive Officer at HelpSystems, with overall responsibility for HelpSystems’ security and automation software that simplifies critical IT processes to give customers peace of mind. She joined the company in October 2015 as General Manager of the Cross-Platform business unit, where she was responsible for growing HelpSystems’ cross-platform product lines, including setting strategy and overseeing execution of all operational functions. Prior to joining HelpSystems, Kate held numerous C-level and executive roles at companies including Jingit, Amcom Software (now Spok), and HighJump.