Other parts of this series:
In my first blog in this series I introduced you to the “Accenture Security Index” and in my most recent blog I discussed a number of cyber security areas where banks are falling short—areas like cyber-resilience, business-relevant threat monitoring, and identifying high-value assets and processes.
Given the banking findings of the Accenture research report on cyber security, what steps should banks and their security functions take? Here are a few actions to consider in light of the findings of the Accenture Security Index:
Pressure-test your security capabilities
Attack simulations help to build “muscle response” within the organization when its resilience is tested. Yet only 41 percent of banks are highly competent at defining cyber-attack scenarios that evolve with the changing threat landscape and have board-level involvement in their planning and execution.
Engage the Chief Executive Officer (CEO) and board. There may be no better way to establish the business relevance of cybersecurity than to include them in cybersecurity crisis drills, simulations and exercises. Leadership should experience firsthand exactly what can go wrong, how bad the situation can be and their precise role in leading the company through the crisis.
Protect from the inside out
To successfully protect from the inside out, organizations should:
- Prioritize the protection of key assets
- Focus on those internal incursions with greatest potential impact. Instead of attempting to anticipate a seemingly infinite variety of external breach possibilities, banks can concentrate on the relatively fewer internal incursions that really matter.
Make security everyone’s job
Prioritize training for all employees. Employees play a critical role in detecting and potentially preventing breaches. They are often a firm’s first line of defense. Appropriate training (for example, role-based training or instruction tied to their job functions) can pay extraordinary dividends.
The Accenture Security Index successfully alerts senior security executives and business leaders about where they need higher levels of cyber security performance. They can now take the proper steps to protect key assets and processes with greater certainty. In doing so, they can help create the environment and build the confidence needed for their business to grow securely.