Patching * Antivirus * Vulnerabilities * Phishing * Malware * Encryption * Dual Factor Authentication
Back-up & Recovery * Ransomware * Security Training * Cybersecurity * NOC * SOC * Remediation * Help Desk
Penetration Testing * Vulnerability Testing * Password Cracking * Dark Web * Ransomware
and the list goes on
In the early days of Information Technology (aka Data Processing), many of the systems being installed were proprietary, so there was very little need even for the first form of protection: antivirus software. The release of MS-DOS Personal Computers (PCs) and then Windows PCs created new capabilities, new tools for productivity, and new avenues for developers to build software applications, which also meant new avenues for Bad Guys (aka Cyber Criminals) to exploit the technology for their own gain.
Those Personal Computers turned into workgroups and then into more and more complex networks like the ones we see today. Those complex networks provided multiple entry points for Cyber Criminals to infiltrate our networks, corrupt our files, steal our data, and hold it for ransom, which in turn caused an influx of security companies and tools from which to choose.
Managed IT Services/Security companies rose to assist Financial Institutions with outside capabilities for network management, security, and monitoring services. In the early days, some of these tasks could be done from within the Financial Institution. Now it is probably best to have the Bankers do banking and the “Geeks” stick to the technical stuff, remembering you can outsource the capability but not the responsibility!
As networks become more complex, more entry points need protecting, giving more weight to Regulatory Compliance. Regulators (via Compliance Exams) want to make sure you and your Financial Institution are protecting the public trust in keeping their data and money safe.
All of these changes (new technology, threats, and regulatory compliance) have contributed to increased security prices, but there are steps you can take to sensibly save budget dollars.
Here are 5 ways to assist you in managing the Rising Cost of Security:
- Educate – You should teach, review, and verify your defined policies and procedures through assessments or ongoing testing with consequences for those who do not want to follow best practices. There are reputable companies that provide free tools, training, and ongoing testing to help you maintain security. Ultimately, education and adherence to policy are your best security defense for your dollars.
- Don’t Overbuy – There are more security tool and service offerings than you might be aware of or even have the budget for. Use a Trusted Advisor who knows the ins and outs of the market and has the expertise to determine if the tool/service is the right fit for your institution. Many tools/services overlap, meaning budget dollars are wasted on duplicate protection. Dare to compare with a knowledgeable, objective advisor.
- References – Talk with your peers or a Trusted Advisor, or consult solution rating services, to validate the performance of tools or services. Look for an in-use performance duration of over a year to see what Regulators and outside auditors have commented on through the audit cycle.
- Validate – Do your due diligence. Look at the reporting; does it look reasonable compared to the results you were previously receiving? Can you understand it? If you cannot explain it to your Board of Directors, how do you know it is working? If it goes from terrible to fantastic in one reporting cycle, be very leery.
- Modify – You should plan ahead in case the tool/service doesn’t work or deliver the desired result. In your Agreement, have verbiage stating that if the tool/service is not working or providing the desired results, it can be exchanged for a different tool/service with the same or greater value. Remember, the provider should be agreeable since they are not losing monthly recurring revenue, and you have the option to go elsewhere and replace it with a tool/service from another provider.
Technology has come a long way since the release of the first personal computer. As technology advances, threats will persist, meaning Financial Institutions must keep up with the complexities of protection tools/services. Although your budget dollars may be limited, there are proactive approaches to managing security costs and using the “Geeks” to ensure compliance and remain confident in your commitment to protecting the public’s data and dollars.
