News in the Channel - issue #18

CYBERSECURITY FOR LEGAL AND FINANCIAL BUSINESSES

protection, regulatory compliance, data loss prevention and identity and access management. They also prioritise incident response, employee training, cloud security and managed security services to effectively address the evolving threat landscape and safeguard sensitive data. “Due to the speed at which new attacks are being created, they are more adaptive and difficult to detect, which poses an additional challenge for cybersecurity professionals. From a high-level business perspective, they must look to constantly monitor their network for suspicious activity, using security tools to detect where logins are occurring and on what devices. The sooner teams can flag a potential issue, the lower the risk of an attack. As a result, there will be a greater demand for tools that can harness the power of AI to detect and respond to smarter threats in real-time.” Regulatory concerns Andrew Pattison, head of GRC consultancy Europe at IT Governance Europe, says that businesses must prioritise flexible cybersecurity solutions to secure remote access to corporate networks and devices, employing measures like multifactor authentication and staff training. “Additionally, real-time monitoring and threat intelligence are essential for detecting and mitigating security risks promptly,” he says. “For instance, financial entities in the EU and those providing ICT services to them, must be compliant to the EU Digital Operational Resilience Act (DORA) by 2025. This legislation aims to bolster cybersecurity by outlining security requirements, contractual arrangements, and oversight frameworks for financial entities and their third-party ICT service providers across all 27 member states. “To navigate this regulatory landscape and enhance their cybersecurity posture, businesses can leverage standards like ISO 27001 and ISO 22301. These frameworks offer structured approaches to adapting to evolving threats while ensuring compliance with regulations such as DORA. By adopting a risk- based strategy and proactively implementing measures outlined in these standards, legal and financial enterprises can bolster their operational resilience, protect sensitive data and mitigate cyberthreats.” Ethical hackers Meanwhile, Chris says that engaging the global community of ethical hackers is

Fiona Whyte co-CEO

in place, including a consumer notification process especially when sensitive data and financial information is corrupted,” says Spencer Starkey, VP EMEA at SonicWall. “Regulation or industry standards should be put in place to protect consumers and relevant stakeholders from experiencing material damage and ensuring transparency from company officers.” Durgan says the general trend is towards visibility tools. “Most legal and financial services companies will have good security products in place, however there are often too many systems and alerts coming from these to filter the really bad stuff manually, therefore an increase in security operation centres and analytics tools is on the rise,” he says. “Coupled with this, threat intelligence feeds are increasingly being subscribed to which provide up to date/real time insights into emerging threats which either target all or industry specific threats.” Sam adds that private content networks are becoming more common. “A private content network employs a content-defined zero-trust approach that would enable financial services organisations to unify, track, control and secure all their sensitive content communications into one single platform,” he says. “This allows financial services organisations to track and control access to files and folders, who can edit and share them, and to whom and where they can be shared. This could be a game changer as it enables financial firms to ensure private personally identifiable information, intellectual property, client financial records, insurance claims and more to remain private and in compliance with increasingly stringent global regulations.”

endida.com

Scott Johnson VP, product management

synopsys.com

Spencer Starkey VP EMEA

Spencer adds: “Legal and financial companies are seeking cybersecurity solutions that offer advanced threat

sonicwall.com

www.newsinthechannel.co.uk

25

Powered by