Page 27 - Cyber Warnings
P. 27
Innovating Technology to Lower False Positives and Generate
Efficiencies with Cyber Defense Solutions
The finance sector is no stranger to adversity. In recent years, organizations at all levels
operating within this sector have been marred by almost constant cyber-attacks.
Compounding that challenge is the alert fatigue that false positives produce within the Security
Operations Center (SOC) at most financial institutions.
In late September of 2016, the New York State Department of Financial Services (DFS)
shocked Wall Street with a piece of legislation aimed at mandating specific cybersecurity
protocols for banks, insurance companies and other financial services institutions.
Touted as a “pioneering mandate” in the realm of cybersecurity and financial regulations, the
DFS mandate, if adopted, will take effect on March 1, 2017. And if it works as intended in New
York, where many financial institutions are based, it could act as a guideline for new rules
across the country.
The new DSF regulation would implement an extensive new set of rules for all financial
institutions, even those with existing cybersecurity infrastructures. All financial organizations in
New York will have 180 days to comply with the DFS standards once adopted.
The key requirements of the DFS regulation requires that companies shift in focus from ad-hoc
cybersecurity policies to having cybersecurity as a proactive, organizational core competency.
The requirement seeks to obligate financial organizations to develop a holistic view that includes
functions such as full data mapping across their enterprise.
With cybersecurity resources already strained, and endless cyber-attacks to defend against 24
hours a day, how can any organization, regardless of funding, achieve compliance with the DFS
mandate alongside true cybersecurity?
One Step at a Time
The purpose of mandates, such as those from DFS, is to give us confidence that financial
institutions are doing things competently. This is in no way inconsistent with the goals of
cybersecurity operations experts.
It is essential that institutions use their data resources, computational resources, and their
human resources, efficiently and wisely to understand the enterprise’s current status.
The necessary situational awareness can be obtained via strong cyber and business analytics,
the kind of analytics that humans are doing today.
27 Cyber Warnings E-Magazine February 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
