Guest blog: Building a Cybersecurity Program fit for your building society

Guest blog by Josh Davies, Product Manager, Alert Logic. This article was first published in Society Matters magazine.

Guest blog by Josh Davies, Product Manager, Alert Logic

This article was first published in Society Matters magazine.

At this year's Building Societies Conference, I spoke about emerging threats and how to combat them. Cybersecurity events have skyrocketed in recent years, both as organisations have slowly deployed new digital technologies across their businesses and as companies have transitioned to hybrid work models following the pandemic.

The importance of an effective cybersecurity program

Emerging digital workplaces opened attack vectors that hackers have exploited, making a robust cybersecurity program essential. A cybersecurity program makes organisations more resilient, enabling you to protect your reputation, conduct proper risk assessment and ensure regulatory compliance.

A cybersecurity program combines security controls, procedures, teams and remedial plans to reduce cybersecurity risk and recover data following an attack.

Why implement a cybersecurity program?

  • Protect your reputation: Business reputations in the digital economy depend on an organisation’s ability to protect the personal data of customers. A strong cybersecurity program, demonstrates that customers’ personal data is taken seriously, building trust.
  • Stay compliant: Regulatory agencies are responding to the cybersecurity threat by introducing and refining compliance regulations. An effective security program includes controls ensuring adherence to regulations, helping organisations avoid costly non-compliance investigations and fees.
  • Coordinate cybersecurity efforts:  An organisation’s cybersecurity strategy may be fragmented across departments, leaving gaps in their security posture for hackers to exploit. A cohesive cybersecurity program ensures standardised alert detection, threat analysis and incident response across the organisation.
  • Mitigate third-party risk: Outsourcing operations to third-party vendors exposes firms to risk, which can be more difficult to identify and protect against. A well-developed cybersecurity program includes third-party security protocols and ensures third parties have adequate controls to protect the organisation’s sensitive data and mitigate risk.

Four cybersecurity program essentials

There are numerous ways to create an effective cybersecurity program, and security controls should address specific requirements of the organisation, but there are some essential elements:

Business and data recovery plan 

Organisations require plans to recover data and ensure business operations quickly return to normal. Organisations should keep regular data backups — preferably stored off-site — to mitigate data loss from an attack.

Cybersecurity training 

People are an organisation’s most important asset but pose a cybersecurity risk, as hackers often exploit mistakes to penetrate systems. Ongoing training sessions with employees on best practices ensure they are doing everything possible to protect account information.

Relevant performance metrics 

It is important there are procedures to measure the impact and success of the cybersecurity program. Track metrics like mean time to detect (MTTD), intrusion attempts and mean time to contain (MTTC) to quantify performance.

Ongoing monitoring

Organisations need to stay abreast of emerging threats and constantly test their own security systems to better understand where new vulnerabilities exist.

Steps to building a cybersecurity program

Here are the basic steps to craft a cybersecurity program:

  1. Outline a cybersecurity vision:  Detail a vision that places the proposed cybersecurity program inside the broader digital journey of the organisation.
  2. Conduct a risk assessment: Identify malicious actors interested in penetrating your systems and stealing critical data. These could be amateur black-hat hackers or cyberterrorists.
  3. Identify relevant compliance regulations: These vary by industry, so it’s critical organisations understand relevant regulations and build controls that ensure compliance.
  4. Place proper controls:  Identify the tools, procedures, personnel and software for the cybersecurity program you envision.
  5. Conduct ongoing gap analyses: Regularly test technological solutions, governance procedures and security personnel to ensure cybersecurity policies are properly implemented and identify gaps.

For more information: Visit www.alertlogic.com to learn more.

The views, opinions and positions expressed within guest blogs are those of the authors and do not necessarily represent those of the BSA.

You may also be interested in...

BSA Card
  • BSA.IndustryResponse Industry Response
  • Conduct Risk & Regulation

FOS Consultation on charging Claims Management Companies & other professional representatives

The BSA strongly supports the principle of charging a fee to CMCs.

BSA Card
  • BSA.Event Event
  • Conduct Risk & Regulation

Annual Update & Networking for Boards

This autumn, the BSA is running its first event designed specifically for Board Members (Exec and Non-Exec) and Board attendees. This in-person e...

BSA Card
  • BSA.Event Event
  • Conduct Risk & Regulation

Consumer Duty: Navigating Board Reports

A free webinar hosted by BSA Associate, docStribute docStribute and Woodhurst are collaborating to bring you this webinar series. Following our pre...

BSA Card
  • BSA.Event Event

Building Societies Annual Conference 2024

Building Societies Annual Conference 2024 8th -9th May, Manchester   The Building Societies Annual Conference is the leading event in the secto...

BSA Card
  • BSA.Event Event
  • Audit & Taxation

Audit, Risk & Regulation Autumn Series

This year's annual update returned in a brand new format with a series of topical webinars covering key areas of audit, risk and regulation. This...

BSA Card
  • BSA.Event Event
  • Conduct Risk & Regulation

Consumer Duty: Linking Customer Outcomes to Customer Experience

A free webinar hosted by BSA Associate, Protiviti This webinar will explore ways firms can effectively test, monitor, and report customer outcomes ...

BSA Card
  • BSA.Event Event
  • Conduct Risk & Regulation

BDO's Financial Services' NED event: Consumer Duty Board Champions

BDO’s Financial Services’ team is delighted to invite you to our first FS NED event for 2024, to discuss the Consumer Duty’s ("the CD") next phase of ...

BSA Card
  • BSA.Event Event
  • Prudential Regulation

Preparing for successful regulatory visits

Two half-day sessions on 24 & 25 January 2024

  • BSA.IndustryResponse Industry Response
  • Conduct Risk & Regulation

GC23-2 FCA Guidance consultation on financial promotions on social media

Our response to FCA GC23-2