Wall Street & Technology is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


09:15 AM
Becca Lipman
Becca Lipman
Connect Directly

Former FBI Agent Talks Cyber Security With Deloitte

Vigilance can take security only so far. It's time to focus on resilience.

Your organization has been breached. Now what? According to Mary Galligan, retired FBI agent formerly in charge of cyber and special operations and director in Deloitte and Touche’s security and privacy practice, that question is rarely given due consideration.

Try as it might, it is economically unfeasible for a corporation to lock down everything in its system. And many of the things that businesses do in order simply to grow and innovate, including expanding third-party relationships, M&A, and hiring additional employees, will exasperate risks.

The traditional multi-faceted approach to data protection -- security, vigilance, resilience -- has been given a skewed budget, largely allocated to security. This has left resilience, or the ability to respond to increasingly inevitable attacks, rather underdeveloped.

Galligan says today's definition of "resilience" has evolved from simply how to recover systems to full-on crisis management. At the Cybersecurity in Financial Services event hosted by Deloitte and BITS, she explained that proper communications, legal consultations, and increasingly cyber insurance have become prominent elements of resilience.

"Companies need a cyber incident response plan with detailed processes for coordinating efforts among different front-line functions, such as the general counsel's office, public relations, and the office of the CIO," she said. In the event of a data breach, the first course of action should be to alert the general counsel's office to limit legal and investigative issues down the road.

Business continuity plans "should have a far-reaching scope," she said, "and it should include follow-on scenarios that could result from an attack."

Fear corruption, not destruction
"The financial sector is also increasingly concerned about, not just the destruction of infrastructure and data, but also the corruption of it, and how that might play out differently," says Ed Powers, national managing partner of cyber risk services at Deloitte. "In this scenario, the systems are intact but unreliable. It's a question of if we can we trust the integrity of financial institutions." This raises the question of what degree of corruption is permissible in an organization, and when it stops being negligible.

Economics are also at play here, Powers says. Being able to back up a system is relatively easy, but actually reverting to that backed-up system is difficult and comes with cost and reputation ramifications.

These are undeniably important resilience issues to address in advance of a threat or disruption. After all, in the moment of attack, having executives run around in a confused panic rarely does any good.

Becca Lipman is Senior Editor for Wall Street & Technology. She writes in-depth news articles with a focus on big data and compliance in the capital markets. She regularly meets with information technology leaders and innovators and writes about cloud computing, datacenters, ... View Full Bio
More Commentary
A Wild Ride Comes to an End
Covering the financial services technology space for the past 15 years has been a thrilling ride with many ups as downs.
The End of an Era: Farewell to an Icon
After more than two decades of writing for Wall Street & Technology, I am leaving the media brand. It's time to reflect on our mutual history and the road ahead.
Beyond Bitcoin: Why Counterparty Has Won Support From Overstock's Chairman
The combined excitement over the currency and the Blockchain has kept the market capitalization above $4 billion for more than a year. This has attracted both imitators and innovators.
Asset Managers Set Sights on Defragmenting Back-Office Data
Defragmenting back-office data and technology will be a top focus for asset managers in 2015.
4 Mobile Security Predictions for 2015
As we look ahead, mobility is the perfect breeding ground for attacks in 2015.
Register for Wall Street & Technology Newsletters