Incident Response Dictates Financial Services Customer Perception

Financial institutions most often suffer the greatest consequences of a security breach because, as the infamous bank robber Willie Sutton once said, “…that’s where the money is.” While there isn’t much that financial institutions can do to stop cyber criminals from attempting to steal sensitive data or financial assets, the way they respond to those attacks is coming under increased scrutiny from customers and regulators alike because of the increasing stakes on the table.

In fact, examiners at the Federal Deposit Insurance Corp. (FDIC) have identified a minimum set of requirements for incident response, covering everything from how breaches are identified and contained to how regulators and customers need to be informed once the breach is identified.

However, to their detriment, many financial services organizations still wind up making up their critical incident response as they go along. This not only wastes time, it also often leaves the impression that the organization was either not prepared or didn’t even have the proper security controls in place.

Have an Incident Response Plan

Regardless of the size of the financial services organization, regulators are making it clear that they now routinely view IT security within the broader context of risk management standards. As such, they are holding financial services organizations accountable, not just for measures to prevent breaches, but also for the effectiveness of their incident response. The assumption is that, while there is no such thing as perfect security, a financial institution should be able to respond the instant a breach is discovered. They must also be equipped with the critical context needed for rapid resolution and effective emergency communication across different departments.

For that reason, it’s crucial that financial services organizations have an incident and communications response plan that spans everything from the way the IT department resolves an issue to the way the finance and legal teams quickly engage regulators and, whenever necessary, customers and the broader market. Executing consistently on such a plan to mitigate costs to the business requires a well-defined framework that covers all bases in keeping critical stakeholders engaged whenever a breach occurs. Having such a system makes certain that no step gets overlooked, which matters because missing a single step can have significant financial or legal ramifications. It also gives customers and shareholders confidence that the financial organization and their assets remain sound.

Shared Visibility

To that end, an incident response framework should be the mechanism through which every facet of the organization gets shared visibility into a consistent set of processes designed to mitigate the impact of a breach on the organization and its customers. For example, everyone within the IT organization must understand protocols around assessing incident impact, quickly mobilizing the right subject matter experts, deploying basic troubleshooting and remediation steps, and more. Additionally, stakeholders in the organization should not only be able to see exactly who in IT is working on the problem and how long it will take to fix, but also understand in real time what language they must use to inform customers.

Best practices such as these don’t come about of their own accord. Senior business and IT leaders need to set the tone. If organizations put the right processes in place (including regular training and practice), dealing with breaches and other forms of IT disruption will become second nature. This is of absolute importance because the only thing worse than a costly breach, and the fastest way to lose customers’ trust, is when the customer discovers the breach from some other source rather than from the financial institution itself.

Of course, having to tell a customer that there is a problem with a service is one thing. Not being able to tell them precisely when that issue is going to be resolved is far worse, and more often than not, that customer may start to consider their other financial services options. To make sure that your financial services organization’s team has the right processes and workflows in place, check out our open-sourced incident response documentation as well as our Financial Services solutions brief.

The post Incident Response Dictates Financial Services Customer Perception appeared first on PagerDuty.


PagerDuty’s operations performance platform helps companies increase reliability. By connecting people, systems and data in a single view, PagerDuty delivers visibility and actionable intelligence across global operations for effective incident resolution management. PagerDuty has over 100 platform partners, and is trusted by Fortune 500 companies and startups alike, including Microsoft, National Instruments, Electronic Arts, Adobe, Rackspace, Etsy, Square and Github.
