2. Regulatory Pressure to Address Risk
Keeping pace with regulatory compliance is one of the largest drivers of technology investment for banks. New regulatory requirements, including those set by the UK's Prudential Regulation Authority (PRA) and the EU's Digital Operational Resilience Act (DORA), give banks a fresh imperative to upgrade their technology to address cyber risk, both internally and from third parties.
Specifically, the PRA's expectations advance two key objectives: ensuring that financial services firms meet standards of care for reducing operational and cyber risk, and ensuring they take appropriate measures to protect consumer data.
Meanwhile, DORA requires that financial entities regulated in the EU mature their third-party risk management programs to include defined cybersecurity and ICT risk requirements, requirements that also extend to the critical Information and Communication Technology (ICT) service providers those entities rely on. As such, regulated EU financial entities must implement secure technologies and processes that raise the resilience of their whole supply chain. Because the window for reaching compliance with this complex framework is relatively short, CIOs, CISOs, and compliance managers must start planning immediately so they can hit the ground running when the requirements take effect. Read more about what DORA means for your organization.
3. Proactive, Continuous Monitoring
If banks want to keep up with consumer behavior while avoiding a major cyberattack, they must update their cybersecurity practices. But as digital environments expand across mobile apps, payment systems, financial records, customer accounts, and on-premises and cloud services, newly emerging vulnerabilities call for constant vigilance.
To stay one step ahead of attackers, banks must continuously monitor their attack surface for cyber risk such as vulnerabilities in mobile application code, unpatched systems, misconfigured software, malware infections, and anomalies in user behavior.
They can do this with BitSight for Security Performance Management. With BitSight, security leaders gain broad visibility into cybersecurity threats and risk across all of their digital assets, including cloud assets and assets belonging to different geographies, subsidiaries, and remote locations, from a single centralized dashboard. Using this insight, they can proactively mitigate risk across the firm's expanding digital ecosystem, see what is lurking in shadow IT, and prioritize remediation efforts and cyber initiatives based on risk. When a new vulnerability is detected, security teams receive near-real-time alerts so they can drive continuous improvement in the organization's cyber health.
The same continuous monitoring can be extended to the financial institution's supply chain. Rather than relying solely on lengthy, costly audits, BitSight for Third-Party Risk Management provides an up-to-date snapshot of each vendor's security posture, both before onboarding and for the life of the contract, and generates alerts when a vendor's security rating falls below a pre-agreed threshold. Insights can be shared with the third party so the process is transparent and both sides can work quickly toward resolution.
With the visibility that BitSight brings, banks can quickly expose and mitigate third-party cyber risk while continuously measuring, monitoring, and maturing their compliance with DORA and PRA requirements as well as more established frameworks such as the Gramm-Leach-Bliley Act, FFIEC guidance, SOC 2, NYDFS Part 500, and GDPR.