The Group of Seven (G-7) this week released the Fundamental Elements of Cybersecurity for the Financial Sector, a set of guidelines for protecting the global financial sector from cyberattacks.
The G-7, an economic collaboration consortium consisting of Canada, France, Germany, Great Britain, Italy, Japan and the United States, surveyed the existing approach member countries were taking to cybersecurity and identified both the pitfalls and the building blocks for minimizing risk. The fundamental elements help address cyber-risks facing the financial sector from both entity-specific and system-wide perspectives.
“Historically, we’ve seen governments take on the challenge of cybersecurity by proposing and enforcing more regulations, an approach that is destined to fail because companies respond by favoring compliance checklists over adopting a risk management strategy,” Fred Kneip, CEO of CyberGRX, told us via email. “Cyber-criminals don’t care if you’re compliant—they care about getting your data. This G-7 agreement marks an important shift toward recognizing that a compliance-driven mentality can undermine the real work of continuous assessment, risk mitigation and remediation that needs to take place to truly minimize cyber-risk exposure, in particular among companies’ third-party digital ecosystems.”
The elements are building blocks that public or private entities in the financial sector can use to design and implement their cybersecurity strategy. Public authorities, including finance ministries, central banks, and regulators, can also use the elements to inform their efforts both to protect the financial sector from cyberattacks and to respond to and recover from incidents effectively when they occur.
The news comes amid daily attacks on banks and the SWIFT money transfer system.
“Cyber-threats present a set of pressing operational, reputational and financial stability risks facing the international financial system,” said US Treasury Deputy Secretary Sarah Bloom Raskin, co-chair of the G-7 Cyber Expert Group. “Sovereign borders do not contain these threats, and accordingly, nations must work together to address them.”
The eight elements start with entities establishing cybersecurity strategies and operating frameworks tailored to their specific cyber risks, and assigning roles and responsibilities for personnel implementing, managing, and overseeing those strategies and frameworks. The elements also call on entities to identify activities that present cyber risks and implement controls to protect against and manage those risks. In addition to covering how entities should respond to, recover from and share information on cyber-incidents, the elements reinforce the need for a dynamic process of continuous learning, through which entities systematically re-evaluate their cybersecurity strategies and frameworks based on lessons learned as their operational and threat environments evolve.
“The international financial architecture is only as strong as its weakest link and that is why the United States should work with our partners around the world to bolster their information security and resiliency,” said Federal Reserve Board Vice Chairman Stanley Fischer. “These elements are a crucial step in further hardening each link in the chain of our global financial system.”