Enterprise cyber hygiene: A challenge for financial services organisations

Discover more why enterprise cyber hygiene is such a challenge for financial services organisations by our own James Doggett

Why are attacks up when most of the financial services has been working hard and spending lots of money on cyber security?

“It just seems so useless to have to work so hard and nothin’ ever really seems to come from it.”  Tom Petty

Financial services organisations still find it difficult to demonstrate strong control over their enterprise cyber hygiene and thus effectively remediating cyber security risks.  This is because the bigger the company, the more challenging it is to maintain these ‘basics’, such as identifying their IT assets, updating software, patching it, operating standard controls and educating the users. However, given that addressing this issue of enterprise cyber hygiene could stop the majority of all threats, it needs to continue to be a key focus for financial services security teams around the globe.

Back to the basics

Why is it that industry has been trying to solve the basics of security for literally decades?  They are still dealing with too much access, code vulnerabilities, system patching, etc.  And it’s not like they haven’t been trying. In fact many of them have been trying so hard, to no avail.   It’s so easy today to get caught up in the latest threat, the latest article the Board flags and play the whack-a-mole game in security. Not only is this inefficient, but it takes their eyes off the real problem – enterprise cyber hygiene.

Additionally, they seem to have more and more people wanting to challenge, audit, or review their cyber security posture, especially those in the financial sector.  Does having audit, regulators, 2nd line of defense, vendors and partners constantly testing their security interfere with normal operations?