By Milad Aslaner, Head of Technology Advisory Group, SentinelOne

It’s safe to say Chief Information Security Officers (CISOs) within financial organisations have their work cut out for them in 2023 and beyond. A Bank of England Systemic Risk Survey revealed no fewer than 74 percent of financial service sector executives believe cyberattacks are the number one risk with the greatest impact to the UK financial system. In fact, concerns over cybersecurity rank higher than other key sources of risk, including high inflation, COVID-19 and geopolitics.

As the C-suite member charged with ensuring the safety and continuity of business operations and data, finance CISOs are all too aware of this fact. But with an ever-changing and evolving threat landscape, CISOs need to reassess their security plans regularly to ensure that they are maintaining the safety and digital growth of the enterprise.

So where should CISOs start?

Identify gaps and opportunities

The first step is to take stock of existing cybersecurity protocols, policies and procedures, asking questions like where does the current cybersecurity programme stand? Which teams are covering what? How are people, process and technology currently working together? Taking a wide-angle view will help identify any areas that need further attention.

Next, it’s important to delve deeper to assess just how mature the company’s security strategy truly is, ascertaining what is and isn’t working now. Deploying inventory discovery tools that catalogue the hardware and software connected to the corporate network can help CISOs better understand the organisation’s attack surface, and spot any gaps. Such tools are capable of scanning networks to locate protected and unprotected endpoints, as well as connected IoT devices.

Along with flagging the strengths and weaknesses within the organisation’s cyber strategy, it is essential to review any industry-specific risks and how they are currently being dealt with. CISOs also need to examine past performance and responsiveness to cyber incidents, and whether the company’s data security and privacy practices are meeting their objectives.

Revise the plan and measure performance

Once the assessment phase is concluded, CISOs should apply what they have learned. This begins with a detailed analysis of their findings, and preparing a roadmap for moving forward, focusing on both short-term and long-term goals.

These goals may include building stronger customer trust in the organisation securing and handling data safely, automating cybersecurity for improved operational efficiency or making better use of threat intelligence to secure operations. Firming up the company’s internal cybersecurity hygiene policies and developing company-wide initiatives that spread awareness about the importance of secure work practices should be a top priority.

Developing a plan for routine reporting on performance is key. Reports should include the most relevant security metrics and provide regular status updates on the company’s progress on security goals. These reports can flag up new learnings, wins, and challenges as they occur, and can validate the tactics and technology being used – or highlight gaps in security to address going forward.

With these goals in mind and the broader strategy prepared, it’s crucial to communicate these plans to stakeholders directly, and ensure buy-in and agreement on the top priorities that have been identified.

Execute and maintain

With stakeholders now on board, it’s time to execute on that strategy. When it comes to implementation, CISOs should set out clear expectations and review reporting metrics to assess the progress being made.

At this stage, CISOs should focus on being more adaptable and responsive to the fluctuating threat landscape, and making the most of new intelligence. Staying up-to-date with recent threat intelligence gathered by the cybersecurity community is vital, as knowledge of new and developing cyber breaches, industry-specific threat trends, documented tactics, techniques, and procedures (TTP), indicators of compromise (IoCs), zero-day vulnerabilities, and attack patterns is extremely valuable to bolstering an organisation’s cyber defence.

To maintain an effective security posture and stay agile, organisations should also enhance their in-house security team as needed, and ensure their technology tools are fit for purpose – namely, strengthening endpoint protection, cloud security, detection and response capabilities and the like.

Conclusion

As the number and sophistication of cyber attacks continues to rise, CISOs are facing a tall order – safeguarding business continuity and data in a shifting security landscape, while at the same time adapting to changes in overall business objectives and other internal and external factors.

By re-evaluating their organisation’s security posture and strategy – through a considered process of discovery, assessment, planning, execution and maintenance – CISOs can maximise their resources and effectiveness, and ensure their organisation is continuously moving towards the strongest security posture possible.