How Security Professionals Became FinServ Super Heroes

By Stephen Roostan, VP EMEA, Kenna Security

A year or so ago, cybersecurity professionals were unlikely to win any prizes in the popularity stakes with colleagues.

Often referred to as the department of ‘no’, security teams were typically viewed as the company naysayers that always blocked requests because of perceived associated risks. Looked upon with negativity they were seen as an annoying hindrance to productivity by those with little appreciation of their wider security remit.

Fast forward 12 months and security professionals working in the financial services sector are suddenly enjoying a newfound respect and appreciation.

Indeed, according to research by ISC(2), 71% of those outside the security community say they now view cybersecurity professionals as ‘smart, technically skilled individuals’ – and 9% go as far as to claim they think of cybersecurity professionals as ‘heroes’.

This impressive and rapid turnaround in perceptions has been driven by a number of factors.

COVID-19 has created a digital tipping point

Prior to COVID-19, the financial services industry was already evolving at a rapid pace, but the onset of the global health pandemic rapidly accelerated demand for digital capabilities and services.

Forced to pivot at speed and at scale, overnight organisations had to shift to remote workforce models and focus on transacting with customers primarily through digital channels.

This wholescale move to remote digital operations meant cyber risk management quickly became mission critical as the number of cyberattacks on financial companies began to surge.

According to a recent Investors’ Chronicle report, between January and June 2020, the finance, insurance and credit sector reported at least 122 cybersecurity incidents to the UK regulator under the General Data Protection Regulations, up more than 54% over the same period in the previous year. Similarly, phishing and ransomware incidents nearly doubled.

Protecting employees and customers from emerging cybersecurity threats, while simultaneously keeping the business on track, meant cybersecurity professionals had to double down on their efforts in the face of a significantly expanded array of security and cyber concerns.

Bridging the divide – enabling fast-paced enterprise-wide innovation

Adapting fast to cope with the pressing tactical need to enable remote working meant security teams had to work hand in glove with business leaders. Only by understanding the processes users would need, could these be enabled in as fast and secure a way as possible.

Suddenly, security professionals became high profile contributors to a new mission: supporting business continuity while protecting the enterprise. No easy task when threat actors were quick to exploit the opportunities arising from an explosion in BYOD usage and the rapid expansion of the enterprise attack surface.

Enabling productivity while securing what matters most to the organisation was now the name of the game. Acting as strategic partners to the business, security teams introduced automated controls, policies and authentication procedures for remote work environments that were designed to reduce long-term risk.

They also demonstrated how adopting a resilient by design approach that embedded security capabilities from the ‘get go’ was the key to quickly enabling new digital initiatives – and transitioning to new ways of working.

Taking a collaborative approach to tackling risk

One other significant factor contributed to the recent meteoric rise of security professionals in the popularity stakes. Today’s modern risk-based vulnerability management (RBVM) platforms have made it much easier for cybersecurity professionals to prioritise and score the actual risk an individual vulnerability represents to an organisation’s assets and applications in near real-time.

All of which has paved the way to enhanced communication and collaboration that significantly changes how cybersecurity and IT teams work together to remediate the riskiest vulnerabilities first.

Providing security and IT teams with a risk-based approach that makes it possible for everyone to jointly focus time and finite resources on the 2-5% of vulnerabilities that pose the greatest risk to their enterprise, advanced RBVM has made it possible for everyone to understand what to fix, why it needs to be fixed, and how to fix it.

Even better, it also enables security teams to take a predictive modelling approach to vulnerability management that calculates risk the moment it’s revealed – and often before an exploit is built for it. All of which enables even greater efficiency and IT/Security alignment through the setting of risk-based service-level agreements that are based on the organisation’s risk tolerance, rather than purely arbitrary timelines.

Cybersecurity professionals have helped business leaders steer an optimal cyber pathway to achieve their goals in a timely way, whilst also leveraging today’s innovative risk-based vulnerability management systems to great effect. As a result, they’re now able to work together to establish the right priorities. In turn, this maximises the use of available resources to jointly reduce risk and generate business value.

Now revered by ordinary employees and senior business leaders alike, cybersecurity professionals have played a key role in enabling a raft of new working practices in response to the pandemic. Recognised as playing a critical role in ensuring the health and long term future of financial services organisations, the rise of the cybersecurity professional from ‘zero to hero’ has been fuelled by a resetting of relationships across the business triggered by a pressing need to enable crisis-driven business change.