Millions of Canadians got a message from Capital One after a reported hack: their personally identifiable information (PII) was breached when a cyber criminal accessed bank servers through a third-party vulnerability.
Canadian financial-services companies need to get a message after the Capital One hack, too: they are vulnerable. They will be hacked. Cyber-resilience is critical. It's the next step.
Ninety-five percent of all businesses had a cybersecurity program in place in 2017, according to Statistics Canada.
Forty-seven percent of banking institutions in Canada have been breached, according to the same data set from Canada's national statistical agency.
“Financial services is an industry that gets the importance of cybersecurity. The majority of businesses in the financial-services industry have made some kind of investment—but is their cybersecurity mature enough? Is it evolving on a day-to-day basis?”
“In our day-to-day work, almost all businesses operate with products from third-party providers… all it takes is one small vulnerability for a hacker to get in,” notes Vivek Gupta.
“Are you doing everything in your control to protect your customers? Are your strategic partners, third-party providers, and vendors part of your cybersecurity framework? Are you able to respond effectively to a breach? Is your company cyber-resilient?”
“Cyber-resilience is having the capability to deliver and provide an intended outcome despite unforeseen adverse cyber events,” explains Vivek. “Organizations are currently focused on strengthening their information security, cybersecurity, and business continuity-management policies. During a cyber attack the impact is on availability, confidentiality, and integrity of information, in turn affecting the systems, operations, infrastructure, network, and processes of the organizations. The cyber-resilient business continues operations and delivers intended outcomes―despite the breach.”
Cyber-resilience strengthens your company's ability to resist attacks and enables it to continue to function if, or when, an incident takes place.
To become cyber-resilient, you need to identify and eradicate the vulnerabilities that hackers could use by following seven steps.