Cybersecurity has been identified as one of the top five risks the financial services sector is facing. 在一个信任至关重要的行业,需要做些什么?
最近在新加坡举行的GovWare会议上, 很多讨论都围绕着风险管理展开, financial 和 healthcare organizations face in the new digital reality – 和 how collaborative cybersecurity efforts are the answer.
在数字经济中,网络威胁已成为不可避免的商业风险. 在GovWare 2023的间隙,CybersecAsia向以下人士提出了一些问题 杰森·哈勒尔, Managing Director, Operational Technology Risk 和 Head, External Engagement, 存.
What are the most pressing cyberthreats facing the financial services sector today?
杰森·哈雷尔(JH): Cybersecurity is identified as a top five risk facing the financial services sector. 根据存的2023年系统性风险晴雨表, 网络风险排在地缘政治风险之后,位居第三 & 贸易紧张和通货膨胀. vnsr威尼斯城官网登入业继续走高, 持续的, 以及资金充足的对生态系统的攻击. 这一趋势预计将持续下去.
The maturation of the financial markets has put continued pressure on financial institutions to effectively manage this risk. There are three primary elements that increase the potential impacts of cyber threats within the financial services industry: interconnectedness, 新兴技术和第三方供应链.
- 联系: 金融市场比以往任何时候都更加一体化和相互联系, 因此,操作影响了金融市场的一部分, 如果重要的, 是否会对金融体系的其他部分产生影响. 虽然互联互通为金融市场带来了许多效率, 潜在风险仍然存在.
- 新技术: Financial institutions continue to find ways to use new technology solutions such as cloud, AI 和 blockchain to develop new products 和 services or to enhance existing products 和 services. 虽然这对vnsr威尼斯城官网登入业有几个好处, 包括, 多样化的融资渠道,增加普惠金融. 这可能会引入新的风险或改变现有的风险. 必须理解和处理这些风险.
- 第三方/供应链: Financial institutions use third parties to deliver certain portions of their products 和 services. 当这些提供程序支持关键业务操作时, financial institutions apply additional analysis on the providers risk 和 resilience capabilities. 然而, if a material cyber incident causes an outage or impairs the service of one of these providers, 它可能会影响几家金融机构.
相关内容:网络安全和不断变化的威胁形势
最近的GovWare会议的主题是: 在新的数字现实中通过合作培养信任. 金融部门如何合作寻找网络风险的解决方案?
JH: 金融机构继续与金融当局合作, 他们的同龄人, 标准组织和政府机构. 网络威胁行为者擅长信息共享和协作, 因此, 金融机构必须同样擅长于此.
Financial institutions are partnering with authorities to underst和 changes to the threat l和scape as well as to identify where rule changes, 可能需要新的规则或指导或附加原则来处理风险. Firms are also assessing how these changes may be best applied to enhance the required to manage the new threat l和scape. 进一步, financial institutions are conducting industry-wide exercises to better underst和 potential weaknesses across the sector 和 to identify potential solutions to these risks.
最后是组织,例如 庇护港 和 网络风险研究所(CRI),也可以为应对行业挑战提供解决方案.
庇护港 provides a data vaulting framework 和 specifications that financial institutions may use to securely store data which can be used as another form of defense against severe data attacks. CRI与金融机构合作, 行业vnsr威尼斯城官网登入和金融当局加强财政司司长的简介.
The FS Profile maps regulatory obligations with industry-accepted frameworks to ease the administrative burden of demonstrating compliance across numerous cyber rules 和 guidance across jurisdictions. 存 serves on the board for each of these organizations to support the development of initiatives across the financial sector.
相关:存的凯利·菲利被任命为CRI美国副主席.S. 标准委员会
How are new 和 emerging technologies impacting the risks faced by financial institutions?
JH: Technology has a central role in a financial institution’s capabilities to deliver products 和 services but also to manage risks. 例如, cloud technology has provided additional capabilities for financial institutions to enhance their resilience 和 consistently implement security across networking environments. Financial institutions also leverage cloud technology to foster innovation 和 to re-imagine financial services in the new digital age.
然而, 常用的第三方提供商, 如在云中可能产生集中风险, where incidents may impact several firms simultaneously as well as increase the surface area where a firm can be impacted.
人工智能在vnsr威尼斯城官网登入领域前景广阔, 随着公司继续评估新的方法,将人工智能引入到更重要的位置. 人工智能已经被用于信贷, 贷款, 资产管理, 和 other financial services 和 represents some initial wins for this technology. Generative AI has recently received larger attention for its potential benefits 和 challenges. 因为它涉及到网络风险, AI can be used to increase the visibility of threats to the computing environment. It is already being integrated into cyber risk management tools used to protect firms.
然而, 为了所有的好处, it is also likely that this technology is being used to generate new malware by threat actors with lower skill levels than current threat actors.
显然,政府在管理网络威胁和风险方面可以发挥作用. What can governments 和 the financial sector do to better partner 和 collaborate?
JH: There are a number of opportunities to enhance government-financial sector collaboration. 首先也是最重要的, it is important to note that threat actors are sharing tactics 和 criminal activities with each other each 和 every day.
To stay one step ahead, governments 和 firms need to continue to share information. 没有它,我们永远不会像我们所对抗的威胁分子那样有效. 然而,要在这一领域取得进展,还有一些机会.
第一个, additional legal frameworks 和 protections should be put in place to ensure anonymity of the firms’ providing the intelligence. Doing so can help to cultivate a more productive sharing arrangement that protects firms while obtaining the information needed to protect markets, 机构和潜在投资者.
其次,需要一个闭环机制. It is important that the industry underst和s how 和 when firms’ information will be used 和 ensure it is protected by government entities. 同时, it is important for firms to underst和 whether the intelligence has been actioned, as well as whether there are additional steps firms should be taking to bolster protections 和 capabilities.
金融机构和政府实体继续合作, 和 they continue to evolve their efforts as threats 和 the potential impacts of these threats change. Conferences like the GovWare conference provide a platform to advance these conversations.
本文最初发表于 CyberSecAsia 2023年11月14日.