Don't Forget to Share this Post

20 Steps to Create a Cybersecurity Framework for Investment Management Firms

By Amisha Shah | Thursday, October 10th, 2019
In honour of October being international cybersecurity awareness month, Eze Castle Integration is hosting a webinar series to educate the industry on the latest security topics and trends. 

The Center for Internet Security (CIS) Controls provide a standard framework to bolster security. Yesterday, in our first webinar of the series, our experts outlined actionable steps, strategies, best practices and technologies firms can adopt to protect data, assets and corporate interests based on 20 CIS controls. 

Today’s blog article will summarise key takeaways on how investment firms can utilise the CIS Controls framework to safeguard their operations. You can also watch the replay here to listen in on the full discussion. 

Moving Targets: Today’s Threats

CIS Controls for Financial FirmsCybersecurity continues to be a serious concern for businesses all around the world. There are a number of risk factors facing firms in today’s threat landscape, these include but are not limited to the following: 
  • Physical Security Attacks
  • Malware or Ransomware
  • Social Engineering
  • External Hacking/DoS
  • Human Error or Insider
  • Data Breaches 
Hackers are getting increasingly sophisticated in their attempts to access high value and confidential information to capitalise on. There are a number of actions firms can take to greatly decrease cyber vulnerability and this is where frameworks such as the CIS Controls comes in to play. 

What are the CIS Controls?  

The Center for Internet Security is a non-profit, global IT community which provides resources to safeguard private and public organisations against cyber threats. The CIS Controls are a recommended set of actions for cyber defence that provide specific and actionable ways to stop today’s most pervasive and dangerous attacks. What’s more is that the controls are developed by a community of IT experts who bring first-hand experience as cyber defenders to help create a globally accepted security best practices framework. 

Operationalising CIS’s Controls

Our experts have organised the controls to provide guidance on tangible areas where investment firms can improve their security posture. There are 20 controls, some are standard security ‘must haves’ whilst we’ve marked others as ‘advanced’ forward thinking IT solutions for businesses that are ready to deploy institutional grade security. 


Asset Control and Management 

This first step is all about knowing what you have and includes an inventory and control of hardware and software assets. As well as securing hardware and software configurations, which include:
 
  • Deploying standard configurations
  • Manage/enforce configurations
  • Security baselining tools (*advanced)

Technical Safeguards

Technical safeguards that organisations should consider include email and browsing protections as well as malware defences. We recommend the following practices for each: 

Email and browsing protections
  • Next generation firewalls
  • Email filtering and anti-phishing services
  • Anti-phishing training campaigns
  • DNS level filtering
  • Email attachment sandboxing
Malware defenses
  • Anti-virus/anti-malware
  • Endpoint protection
  • Malware sandboxing and detonation (*advanced)
  • Anti-exploit technologies (*advanced)

Network Security

Studies suggest that 46% of employees access confidential information when using unsecure networks. Therefore, the below actions are suggested to ensure optimum network security:
  • Secure network device configurations
  • Boundary defences
  • Control of network ports, protocols and services
  • Wireless access control using strong authentication, encryption, firewalls, IDs, etc. In addition to segmenting guest and privileged networks and centralised management of these. 

Watch the webinar replay below for the full list of 20 CIS controls we recommend, covering best practices around vulnerability assessments and pen testing, access control and privileges, IT resilience and much more. 
 

Next up in the cyber webinar bootcamp series is ‘Cloud Security Defined: Required Safeguards for 2020’ on Wednesday, 16 October at 11am BST and 4pm BST. Register HERE to save your spot!

                                                                                                                                                                    
Don't Forget to Share this Post

Related Posts

How Can Eze Castle Integration help you?Contact us today!

Contact Us