
From 0 to 40 in three years

More businesses to jack up cyber security plans

Written by Website Staff

Although large-scale cyber security attacks are infrequent, by 2018, 40% of large enterprises will have formal plans to address aggressive cyber security business disruption attacks, up from 0% in 2015, according to Gartner, Inc.

Business disruption attacks require new priority from chief information security officers and business continuity management leaders, because aggressive attacks can cause prolonged disruption to internal and external business operations.

How business disruption progresses

Gartner defines aggressive business disruption attacks as “targeted attacks that reach deeply into internal digital business operations with the express purpose of widespread business damage,” according to Paul Proctor, vice-president and distinguished analyst at Gartner.

Proctor describes the progression of an attack:

• “Servers may be taken down completely, data may be wiped, and digital intellectual property may be released on the internet by attackers.”

• “Victim organizations could be hounded by media inquiries for response and status, and government reaction and statements may increase the visibility and chaos of the attack.”

• “Employees may not be able to fully function normally in the workplace for months.”

“These attacks may expose embarrassing internal data via social media channels,” says Proctor, “and could have a longer media cycle than a breach of credit card or personal data.”

What can you do?

To combat these types of attacks, chief information security officers must pivot their approach from blocking and detecting attacks to detecting and responding to attacks.

Entirely avoiding a compromise in a large, complex enterprise is just not possible, according to Proctor, so a new emphasis on detection and response approaches has been building for several years.

“Preventive controls, such as firewalls, antivirus, and vulnerability management, should not be the only focus of a mature security program,” Proctor explains. “Balancing investment in detection and response capabilities acknowledges this new reality.”

Impact of “Internet of Things”

The continuing growth of what the Internet encompasses increases companies’ exposure. The rise of ubiquitously connected devices and the Internet of Things has expanded the attack surface, and commands increased attention, larger budgets, and deeper scrutiny by management, Gartner says.

Digital business should not be restricted by these revelations, the firm believes, but emphasis must be placed on addressing technology dependencies and the impact of technology failure on business process and outcomes.

Gartner recommends that information owners should be made explicitly accountable for protecting their information resources, ensuring they will give due consideration to risks when they commission or develop new digital business solutions.

The expectation that digital business will be a successful consumer business model relies on IoT devices always being available. An interruption at any point during the end-to-end transaction process means that business transactions may not be completed, thereby negatively affecting customer allegiance and the revenue stream expected from the digital business offering.

As a result, the standard of due care for security program maturity will increase, with risk, security and business continuity management leaders getting more pressure and more support from boards.

“Chief information security officers and chief risk officers can and should persuade executives to shift their thinking from traditional approaches toward risk, security, and business continuity management,” says Proctor. “Security is not a technical problem, handled by technical people, buried somewhere in the IT department.”
