You Are Invited to Join Our Exclusive Charter Advisor Group

We are bringing together a select group of highly experienced leaders for a virtual meeting January 31, 2022 (11am - 1pm ET) as Charter Advisors of our new Executive Partner Service (EPS) designed specifically for Chief Information Security Officers in financial services/banking organizations.

Charter Advisors guide us in focusing the research and advisory support on your organization’s most pressing information security challenges.

For more information on FS CISOs Executive Partner Service, please download this fact sheet.

Interested in becoming a Charter Advisor?

Find out more about joining the Charter Advisor group and get a free copy of our first brief, CISO Guidance for Zero-Trust Architecture.

The CIO & CISO Chicago Summit is back again, and live! We’re heading to Chicago on December 9th, in person, for 40-50 tech decision-makers to gain knowledge about transformative technology and to develop a future-proof strategy that accelerates digital transformation and delivers value to customers.

Secure your spot to discuss the current challenges and opportunities for 2021 and beyond for IT and security execs - don't miss your chance to join them on December 9. >> CISOs register here!


New York Summit

Join us as we have partnered with @CDM Media for the CIO and CISO New York Summit, this December 14th, 2021.

The Summit is designed as an information-sharing hub and exclusive networking platform specifically for C-Level and senior executives from some of the best enterprises in the Northeast and surrounding areas. We want you to walk away feeling enriched by learning from business leaders who can share both the practical and actionable elements of their successes and failures.

Secure your seat today at this exclusive event! >> CISOs register here!

Mitch Wein

Head of Financial Services Executive Partner Service

Areas of Expertise: Banking, International IT Leadership and Transformation, IT Strategy and Architecture, Life/Annuities/Benefits, Property/Casualty, Wealth Management

Executive Partner Services provides one key executive and their team with:

  • Direct consultations with our executive partner team on demand, for you and your team, any time, on any topic or issue.
  • An annual virtual workshop session for your team on general trends and best practices in your key product lines, or a deep dive on a specific strategic issue.
  • Facilitated 1-on-1 conversations with other senior executives in our Research Council network.
  • On-demand “snap polls” of our network on topics of interest.
  • Access to our knowledgebase of published information, including special best practices and benchmarking reports only available to Executive Partner Service clients.


Latest Blog Posts

November 19, 2021

Still Getting Compromised?: Zero-Trust Architecture Is Needed

With workforces and organizational data assets scattered globally and corporate networks being accessed remotely, the financial services (FS) industry is increasingly susceptible to cybersecurity breaches. In this dispersed environment, attackers target remote workers and unsecure personal devices by compromising identities to circumvent traditional network security policies. These cyberattacks then move laterally inside the network to seize data and facilitate ransomware and other malware attacks.

Given the heightened risk of a significant security and data breach, it’s unsurprising that a top priority of FS chief information security officers (CISOs) is adopting a zero-trust architecture (ZTA). From its central tenet that no one can be trusted, including any employee or partner already inside the IT network, zero trust is designed to protect data and applications across the enterprise by limiting access privileges.

This post will explore the nature of cyberattacks today and describe how a comprehensive ZTA security approach enables enterprise data protection through real-time, continuous authentication using a combination of tools working together.

Cyberattackers Are Already Inside

FS organizations are more vulnerable than ever to cyberattacks because of distributed networks and remote workforces. Traditional perimeter defenses are inadequate to prevent security breaches or theft of corporate information and customer data as savvy attackers compromise identities to easily bypass firewalls and other cybersecurity protections (e.g., anti-malware software).

For example, phishing emails, distributed denial of service attacks on cloud providers, and malware attacks on endpoints (e.g., remote devices) pose increasing risk to the integrity of FS organizations’ IT networks and data. These cybersecurity threats are more insidious because network perimeter-focused information security programs cannot detect when the identity of a previously verified user or device is subsequently compromised.

Zero Trust Requires Real-Time Authentication

To defend against cyberattacks that compromise identities, FS CISOs should implement a comprehensive security architecture program that focuses on data protection. ZTA is an information security architecture approach that protects data because it is grounded in the fundamental assumption of no trust; users and devices are not automatically granted access to data and applications. All users and devices must be authenticated when a unique access request is made from any network connection, without exception.

As stated in Aite-Novarica Group’s new brief CISO Guidance for Zero-Trust Architecture, “access to individual enterprise resources is granted on a per-session basis.” Consequently, no user/device that is logged on and subsequently compromised carries over previous authentication and authorization to another resource on the network—i.e., access to network applications is granted each time a request is made.

Authentication is also “dynamic and strictly enforced before access privileges are granted,” resulting in an information security posture of continuous identity verification for all identities inside the IT network.

To implement a proper ZTA design that effectively defends against cyberattackers already inside the network, technology solutions are required to address gaps for the majority of FS organizations.

Financial Services ZTA Implementation

As stated in CISO Guidance for Zero-Trust Architecture, “zero trust is not a singular technology but rather an end-to-end architecture composed of policies, procedures, processes, practices, and a technology stack designed to prevent east-west malicious movement.” Therefore, to avoid piecemeal implementation of ZTA as part of the organization’s overall information security program, FS CISOs should select the appropriate technology solutions that collectively address all logical zero-trust design components.

The logical components of an authoritative ZTA approach are outlined in the brief and include the policy engine, the continuous diagnostics and mitigation (CDM) system, and threat intelligence feeds. As there is no single tool or solution that provides complete coverage of all ZTA design components, CISOs need to determine the appropriate mix of technology providers that enable implementation of a comprehensive design.
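To make the per-session rule and the component list concrete, here is an added example (not code from Aite-Novarica Group or its brief) of a toy policy engine that decides every access request on its own, combining the three logical components named above: identity and access management, device posture from a CDM system, and a threat intelligence feed. All users, devices, addresses, resources and feeds are constructed, and the resource/role mapping is a hypothetical stand-in for a real authorization store.

```python
"""Toy zero-trust policy engine (added example; all data is constructed)."""
from dataclasses import dataclass
from typing import Tuple

# Constructed CDM feed: current posture of each managed device.
CDM_POSTURE = {"laptop-1": "compliant", "laptop-2": "noncompliant"}
# Constructed threat intelligence feed: source addresses currently flagged.
THREAT_INTEL_BLOCKLIST = {"203.0.113.9"}
# Constructed IDAM data: roles held by each identity, role each resource needs.
IDENTITY_ROLES = {"alice": {"teller"}, "bob": {"teller", "treasury"}}
RESOURCE_ROLE = {"core-banking": "teller", "wire-transfer": "treasury"}


@dataclass
class AccessRequest:
    user: str
    device: str
    source_ip: str
    resource: str
    mfa_verified: bool  # fresh authentication for THIS request, not a cached login


def decide(req: AccessRequest) -> Tuple[bool, str]:
    """Evaluate one request with no memory of earlier grants (per-session access)."""
    if not req.mfa_verified:
        return False, "identity not freshly authenticated"
    if req.source_ip in THREAT_INTEL_BLOCKLIST:
        return False, "source address flagged by threat intelligence"
    if CDM_POSTURE.get(req.device) != "compliant":
        return False, "device posture not compliant per CDM"
    needed = RESOURCE_ROLE.get(req.resource)
    if needed is None or needed not in IDENTITY_ROLES.get(req.user, set()):
        return False, "identity not authorized for resource"
    return True, "granted for this session only"


def lateral_move_after_grant() -> Tuple[bool, str]:
    """A grant to one resource does not carry over east-west to another one."""
    first = AccessRequest("bob", "laptop-1", "198.51.100.4", "core-banking", True)
    assert decide(first)[0]  # bob legitimately reaches core-banking
    # Same identity and device now trying to reach wire-transfer on the strength
    # of the earlier login alone: the engine re-evaluates and denies.
    lateral = AccessRequest("bob", "laptop-1", "198.51.100.4", "wire-transfer", False)
    return decide(lateral)
```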

To help visualize how to select technology solutions and providers, Aite-Novarica Group developed a sample technology capability map that avoids piecemeal implementation. For example, as the graphic shows, FS organizations could select three market-leading providers covering identity and access management (IDAM), threat and vulnerability management (TVM) and governance, risk and compliance (GRC) that in combination fully align to the complete, authoritative ZTA model.

Selecting technology providers starts with design principles and components on which a comprehensive ZTA model implementation is centered and not with the marketing claims of cybersecurity providers.

By assuming that malicious attackers are already inside the organization’s IT network, ZTA enables more comprehensive data protection by preventing users and devices from moving east-west to access other parts of the network until they have been authenticated. FS organizations should implement a comprehensive ZTA security approach by leveraging the appropriate combination of technologies to create an end-to-end security architecture that protects enterprise data from complex cybersecurity threats.

An Invitation for You

Are you an FS/banking CISO or senior security executive? Would you like more information about joining our exclusive Charter Advisor Group? We’d love to hear your guidance on how this new offering can support your function’s impact.

Simply click the link below to share your contact information, and I’ll reach out to schedule an introductory conversation about the new EPS and select Charter Advisor Group. You’ll also receive a free copy of our brief CISO Guidance for Zero-Trust Architecture.

November 8, 2021

The Zero-Trust Architecture Imperative for Financial Services

With the rise of the hybrid, work-from-home workforce and increasing global distribution of corporate information and network assets, financial services (FS) and banking organizations are rethinking how they can effectively protect data. FS chief information security officers (CISOs) are prioritizing implementation of zero-trust architecture (ZTA) because the traditional information security approach—characterized as “defending the perimeter”—is inadequate to guard against the risk of cyber threats to the organization’s IT assets and data.

ZTA changes the paradigm of information security strategy; its central tenet is that no one, including any employee or partner already inside the IT network, can be trusted. FS CISOs should assume that malicious attackers are no longer trying to enter at the gates, or boundaries, of the corporate network—cyberattacks now bypass perimeter protections (e.g., firewalls) through compromising identities and access points (e.g., phishing emails and encrypted malicious code injections).

In this blog, I will explain the imperative to adopt ZTA as the principal design scheme within the organization’s overall information security architecture and share guidance on how FS CISOs should think about a comprehensive approach to integrating ZTA. READ FULL BLOG>>