Training in the cyber age
EDITOR'S NOTE: Jeff Kelly is Vice President of Governance, Risk and Compliance for OnCourse Learning Financial Services. He previously worked in various other roles in the financial services industry, including as a compliance officer, senior regulatory examiner, and vice president of compliance and risk management. Kelly has an M.B.A. from the University of Wisconsin-Milwaukee.
Cybersecurity training is a critical component to a financial service provider’s defenses against cybercriminals.
It is no secret that financial service providers are prime targets for cybercrime. The average cost of a data breach in the financial sector is $141,249 per incident, according to a 2015 study by the Pennsylvania-based risk assessment company NetDiligence. As the cybersecurity threat environment continues to evolve at an accelerating pace, technological advancements in the industry further integrate our business with the cyber world. This increases the avenues by which cybercriminals can wage attacks and is a major reason why building appropriate cyber defenses is critical.
“For organizations to confidently rely on their entire workforce to recognize and defend against potential threats, all employees should have adequate knowledge of the subject.”
— Jeff Kelly, vice president of governance, risk and compliance for OnCourse Learning
Of these avenues, the most vulnerable remain the employees of financial institutions. As financial service providers and their employees increase their touch points with the cyber world, the threat level increases and becomes more complex. As a result, financial services organizations are recognizing the need to dedicate resources to ensure employees are appropriately equipped to not only recognize threats, but to mitigate the impacts. More than likely, your organization will be confronted by a cyberattack in the near future. According to a November 2016 report titled “The State of Cyber Security in the Financial Services Industry” by MetricStream Research, 66.2% of organizations reported having dealt with at least one cybersecurity attack within the past year. So what are the major risks to financial institutions? Here are a few:
Employee vulnerabilities
Third-party vendors
Another potential area of cyber risk for organizations is third-party vendors. Some of these vendors have access to a financial institution’s data at critical levels, and should undergo a similar level of training to that of the institution’s staff. Training requirements of these third parties also should be examined by organizations on a regular basis. Cybercrime is not going away, and new threats seem to emerge every day. Therefore, organizations can ill afford to delay a review of their cybersecurity training programs. Many organizations lack the expertise and/or resources to train their staffs appropriately and stay on top of the rapidly evolving threats. This also isn’t a financial institution’s primary area of expertise or business focus. Working with a reliable training partner can help deliver timely and effective cybersecurity training to an entire organization.
Cybersecurity risk mitigation starts from the top down. Directors and executive level management must understand its importance and make it a focus of the organization to truly have an effective strategy and dedicated resources. While it is important to hire and train a qualified team to oversee an institution’s technology resources and information security, this alone is not enough to defend your organization from a cyberattack. These IT teams or individuals are able to establish controls and protocols for the organization, but at the end of the day they remain heavily reliant on employees at all levels to effectively recognize and defend against the many cyberthreats. In fact, according to the 2016 MetricStream Research report, 48.5% of the surveyed organizations reported that “employees were the primary conduit through which an attack was launched.” For organizations to confidently rely on their entire workforce to recognize and defend against potential threats, all employees should have adequate knowledge of the subject. Cybersecurity training plays a critical role in an institution’s ability to mitigate these ever-changing and evolving threats.
Leadership direction
Training focus
Cybersecurity training should cover several key areas. Employees must understand what cybersecurity is, why training on the topic is so important, and what each employee can do to effectively mitigate potential risks. Because employees have differing levels of education and experience, organizations need to apply standardized training methods and procedures to ensure no one gets left behind. Training should start with the basics. It is fairly likely the staff members being trained will vary greatly in their understanding of cybersecurity issues. Because of the increasing complexity of technological solutions that employees work on and the evolving external and internal cybersecurity threats, it is increasingly important that cybersecurity training remains constant and up-to-date within your organization. Consistent reminders and testing of training effectiveness, along with appropriate remediation, are important components to the long-term success of any organization’s cybersecurity program.
Regulatory compliance risk (Gramm-Leach-Bliley Act safeguarding rules);
Risk of financial loss (financial losses, monetary penalties and large remediation costs);
Third-party risk;
Reputational risk (perhaps the greatest risk); and
Failure to adequately mitigate negatively affects the bottom line.
Preparation is better than remediation when it comes to cybersecurity
© 2017 OnCourse Learning Corp. All rights reserved
By Jeff Kelly