IT World Canada

Understanding cybersecurity management for FinTech: cybersecurity policy and strategy management (Article 6)


Cyber-attacks are on the rise with every passing day, and so is the cost of the damage they cause. To protect financial institutions from these attacks, a cybersecurity policy and strategy sets the standards for monitoring cyber activity on premises, designing prevention and detection measures, and taking appropriate action to curb malicious activity.

Cybersecurity follows a “layered security” approach, which provides “Defense in Depth”: the practice of combining multiple security controls to monitor, detect, and thwart cyber-attacks. Cyber professionals never recommend relying on a single security control as a complete security solution, because every control has its own limitations and boundaries. Cybersecurity policy and strategy are designed to tackle the growing number of cyber-attacks on financial institutions and to respond to the menacing consequences of sophisticated cyber threats.

This article provides a comprehensive introduction to various cybersecurity policies and strategies used to protect FinTech institutions from belligerent cyber-attacks. The content in this article is based on the extensive research work behind our book titled “Understanding Cybersecurity Management for FinTech” published by Springer this year.

Cybersecurity policies and strategies

The fundamental requirement for preparing a cybersecurity policy and strategy is a clear understanding of the organization’s assets, people, business objectives, potential threats, disaster recovery plan, business continuity plan, and security awareness program. The cybersecurity policy needs to be aligned with business objectives so that business continuity is not disrupted, even during a security incident. Figure 1 presents an overview of cybersecurity policies.

Figure 1: Cybersecurity policies

Access control

Controlling access to assets is one of the central controls in security. Access control prevents unauthorized personnel from accessing a piece of information. It not only blocks unauthorized access but also defines the relationship between different entities, granting and restricting access based on a user’s identity. Access controls can be classified into three categories: preventive, detective, and corrective.

Authentication systems

Authentication is the process of testing or validating the claimed identity of a user. It requires the user to provide additional information to prove their identity. The most common form of authentication is the password. Following are the common types of authentication methods used nowadays.

Remote access control

A remote access policy defines the standards for connecting to a computer from any host outside the organization. The policy is designed to minimize a FinTech institution’s potential exposure to damage resulting from unauthorized use of its resources.

FinTech policy and prevention

The cybersecurity policy addresses cybersecurity principles for regulators, policymakers, supervisory committees, and service providers. These policies promote cyber hygiene, educate users, and limit cybersecurity incidents. Some effective cybersecurity policies for preventing cyber-attacks in FinTech are outlined below.

Resilience policy

A cyber-resilience policy provides the capacity to withstand, recover from, and adapt to external shocks caused by cyber risks. It prepares organizations to face adverse events and to continue doing business under those conditions. The basic principles of a cyber-resilience policy are that its regulations be simple, internationally harmonized, principles-based, and risk-based. It maximizes resilience while minimizing risk. The main characteristics of a cyber-resilience policy for FinTech institutions are:

Conclusion

By following fundamental cyber practices and educating users, employees, and people within the organization on various cybersecurity policies and strategies, threatening cyber-attacks within FinTech institutions can be prevented.
