- May 26, 2020
- Posted by: Pat Riot
- Categories: CPA, CyberSecurity, Finance
Keeping up to date on the latest rules and regulations concerning virtual information can be a bit overwhelming. Between GLBA, PCI, SOX, and policies written by private organizations such as the Finance Industry Regulatory Authority (FIRA), it's almost impossible to know every guideline in the Financial Sector. According to the Bank Policy Institute, there have been over 40 regulations written or proposed on cybersecurity since 2014. Because of how quickly the cyberworld can evolve, the Financial Sector and societal regulations limit how quickly organizations can respond to virtual attacks. This is part of the reason why cyber criminals target the financial sector: as much as 71% of data breaches in 2019 were financially correlated, per report. The most important step any financial organization can take to efficiently manage cyber threats is to create a solid security framework. Below, we break down a couple of organizations that help make compliance processes easier to handle.
The National Institute of Standards and Technology (NIST) highlights the five key components of its cybersecurity framework: Identify, Protect, Detect, Respond, and Recover. NIST works towards bridging the gap between technology and business with constant updates to counter ever-evolving cyber threats. By leveraging the NIST Framework, a wide range of organizations, from the University of Pittsburgh to the Israel National Cyber Directory, have built a strong security posture within their environments. If you are interested in learning more about their success stories, you can read more about them here. At Steel Patriot Partners, we leverage the NIST framework in every single one of our customer engagements.
The Federal Financial Institutions Examinations Council (FFIEC) created an Information Technology Handbook that outlines all the important guidelines on information security. The handbook covers everything from security culture and oversight of third-party service providers to security laws and regulations. The FFIEC created this handbook for “establishing consistent guidelines and uniform practices and principles for financial institutions. FFIEC guidelines provide financial institutions with expectations for compliance,” per CISWEB. You can learn more about the FFIEC and their work here. As you can probably see, the regulations and policies are complex and extensive, as they impact every aspect of your financial business. If you need assistance or simply do not want to deal with technology compliance, our Security Operations team focuses on exactly this.
As cyber threats continue to evolve and change their tactics, so do the rules and regulations for cybersecurity in the financial sector. There is no perfect way to predict cyber-attacks or cyber regulations. But by using the guidelines provided by NIST and FFIEC, your company can take some of the burden out of compliance processes, allowing your company to focus on what you do. If you would like more information on cybersecurity and what your company can do to secure its data, please contact us at [email protected] or call 855-578-7272!