White Paper
November 16, 2015, 12:34 PM EST
More than Protecting Passwords: Advancements in Cyber Security
Author
Source: Synchrony Financial
Abstract:
With our most personal information leaving the locked filing cabinets of old and becoming digital by way of banks, healthcare providers, and businesses at large, it is no wonder that security has taken on a new form. Information technology has proved invaluable for companies and consumers alike, and is certainly not impervious to external threats. As data leaks and hacking attempts continue to make front page news, cyber security has entered the spotlight and—with cyber criminals becoming all the more sophisticated—is poised to stay there.
That being said, companies are taking a closer look at how best to protect their clients’ data. “Information Security, which used to be an add-on, an afterthought to systems and processes, now needs to be inherent in the DNA of all systems to work effectively,” remarks Daniel Conroy, the Chief Information Security Officer (CISO) for Synchrony Financial. Conroy is part of a growing network of professionals tasked with staying abreast of the latest security innovations. He shares his insights here so that businesses can better recognize the most effective cyber security protocols to help keep their customers’ data safe.
That being said, companies are taking a closer look at how best to protect their clients’ data. “Information Security, which used to be an add-on, an afterthought to systems and processes, now needs to be inherent in the DNA of all systems to work effectively,” remarks Daniel Conroy, the Chief Information Security Officer (CISO) for Synchrony Financial. Conroy is part of a growing network of professionals tasked with staying abreast of the latest security innovations. He shares his insights here so that businesses can better recognize the most effective cyber security protocols to help keep their customers’ data safe.
Table of Contents
Maintain information sharing networks with peer organizations
One of the most important things that an organization can do is to collaborate with its peers. With cyber criminals becoming more sophisticated and well-networked, security professionals need to communicate and cooperate to combat the threat and respond to incidents. “This collaboration is helping us build better protection and bring more cyber criminals to justice,” says Conroy. “We actively participate in information sharing with our partners, customers, government, law enforcement agencies, the intelligence community, and peer banks.”
Prioritize & categorize threats
An extension of that information sharing is prioritizing and categorizing the different threats that arise. Many of these threats come from international organizations, such as those launching spearphishing attacks designed to introduce destructive malware into a network. “Our primary focus is detection of targeted attacks, specially crafted exploits and malware combined with laser focused social engineering,” declares Conroy.
One way that security teams can protect against such attacks is by deploying layered security defense systems. Based on the military theory that a multi-faceted defense protocol is harder to penetrate than a single barrier, cyber security experts are using every tool in their arsenal to protect the networks and databases under their charge. By combining tools such as end point security, antivirus software, firewalls, VPNs, intrusion detection, encryption, strong authentication, etc. into one coordinated system, networks can be made exponentially more secure.
Utilize a layered flexible defense
Due to the constantly changing nature of the methods used by cyber criminals, Conroy stipulates that the technologies used to provide that defense must be flexible, not static. He explains, “Flexible technologies allow us to change the configuration in real time and perform sophisticated dynamic analysis, real-time threat intelligence and automated threat response based on the nature of the attacks seen in the network.”
Prepare to invest, now and then
All of these strategic components require an underlying commitment on behalf of the company to invest in current and future growth of their cyber security systems. Criminals are constantly engineering new and complex methods of stealing information, so the defense systems that stand in their way must be equally sophisticated, which requires greater attention, time and money. Conroy predicts that we “might see advances in encrypted systems, more focus on compliance, new cyber security laws, regulations and frameworks, stricter breach reporting laws...that may make it resource-consuming, harder and expensive to secure data and company assets.”
It won't be easy or inexpensive, but it's an investment that a company has to make in order to ensure its future viability and reputation.
Cyber Security Darwinism
Companies should abide by Conroy’s most important takeaway: “It is not the strongest of the species that survives; it is the one most adaptable to change.” Cyber security has certainly evolved by leaps and bounds over the past several years, but security is not a one-stop destination. Everyone must move forward together to adapt to the continually changing digital landscape. To gain and keep consumers’ trust, businesses must prove that they are offering the most up-to-date and sophisticated security protocols to protect sensitive information. Consumers are increasingly aware of a company's level of commitment to cyber security and actively follow their adoption – or lack of – new security technology. Changing times call for greater innovation and diligence by all, for the protection of all.
To learn more about Synchrony Financial and their commitment to cyber security, visit www.synchronyfinancial.com.