Insurance | Financial Planning | Retirement | Investments | Wealth
INFORMATION SECURITY
Mike O’Donovan
Chief Executive: SEB Platform Solutions
SANLAM AS A CASE STUDY
Evolving to a FinTech organisation: EVOLUTION TOWARDS A DIGITAL WORLD
- Digitisation of engagement models
- Automation of processes
- Data & analytics
- Artificial Intelligence
Evolving to a FinTech organisation: A DATA DRIVEN ENVIRONMENT
Clients demand more information (data): to better service and advise clients; reports & information; tools & models to test scenario outcomes; statistics & analytics
Needs to be: accessible, anywhere, anytime, anyhow – typically web-based
Regulators require providers to hold more data: FSCA driving more direct communication with members for retirement funds & TCF; PPR requirements – long-term insurance compels member-level communication; providers required to hold more member-level details
Regulatory environment: RESPONSIBILITY FOR DATA
Principle 12 of the King IV Report on Corporate Governance: Covers the responsible governance of information and technology within an organisation.
Cybercrime Bill (pending), which builds on Chapter XIII of the Electronic Communications and Transactions Act, 2002: Includes the codification of cybercrimes and the imposition of penalties for them, and demands more vigilance on the part of organisations in how they protect those whose data they hold from cybercrimes.
Protection of Personal Information Act, 2013 (or POPI): Looks at the safeguarding of personal information held by public and private bodies.
Financial Sector Regulation Act 9 of 2017 (twin peaks): Prudential Authority = enforcement of regulations, compliance, risk management (business & information technology); FSCA = to deter misconduct, protect consumers.
FINANCIAL SECTOR A TARGET
Cyber criminals looking to monetise data: MOTIVES
- To hold organisations to ransom
- Commit fraudulent transactions
- Identity theft
- On-sell personal data
- On-sell system access
- Protest, or propagating a cause or idealism
Cyber criminals looking to monetise data: HOW
- Hacking of websites & web-based systems
- Viruses, ransomware, malware
- Email spamming, web phishing, malvertising
- Vishing & spear phishing
- WhatsApp
- Theft of hardware: laptops, flash drives, external hard drives
- Interception of data transfers
- Cyber forgery
- Cryptojacking
ATTACKERS ARE WELL ORGANISED
SO…WHAT DO WE DO?
SANLAM’S FOCUS
- Governance Frameworks & Policies
- Internal Environment
- External Environment
- Data Management
- Testing
Sanlam’s focus: GOVERNANCE STRUCTURES
Formal Policies & Frameworks: information governance, information security, end-user computing
Governance Oversight & Reporting: risk forums, internal business reports, external assurance reports, incident reporting
Risk Assessments: crown jewels & controls aligned to the Center for Internet Security (CIS) Top 20 list of prioritised information security controls
Cyber Security Response Capabilities: cyber security incident response team (CSIRT), forensic capability, data recovery competency
Formalise, test and improve preventative controls in line with Cyber Intelligence (CI) security
Sanlam’s focus: INTERNAL ENVIRONMENT
Company Asset Management: hardware and software assets and ownership
Private Devices: inventory of authorised and unauthorised devices (mobile devices & Wi-Fi)
Device Management: local administration & data protection; encryption and port blocking (PCs, laptops, external hard drives, flash drives)
Access Management: logical & physical access; controlled use of administrator privileges; privileged account management; physical data centre security
Sanlam’s focus: DATA PROTECTION
Encryption of Data Transfers: emails, FTP, password-protected files (spreadsheets!)
Data Discovery and Data Leakage Prevention: monitoring irregular behaviour, listening technology, audits, code changes
Structured Data Management: access to data & databases (processing portfolios, reports etc.)
Unstructured Data: ownership and access management (housekeeping)
Sanlam’s focus: EXTERNAL ENVIRONMENT
Boundary Defense:
Identity access management (IAM), firewalls
Limitation and control of network ports
Software Applications:
Application software security (penetration testing at a database level, patches & updates)
Malware defences
Vendor Solutions:
Outsourced hosting arrangements
Third party developed deployments
Sanlam’s focus: TESTING OF CYBER CAPABILITIES
Desktop exercises: user training & awareness
Simulations: DR & BCP exercises, incident simulations
Technical tests: actual attacks to test detection and response capabilities
What does Sanlam do: CYBER TEAMS
Red Team: hackers that continuously try to break into systems; assist the blue team in addressing vulnerabilities
Blue Team: focus on defence; preventative controls; cyber intelligence capabilities; detection & listening – early warning system (like a neighbourhood watch); monitor internal security events (preserve the events in a forensically sound way and correlate events to identify threats); incident response
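The blue-team slide names two activities, preserving security events in a forensically sound way and correlating them to identify threats, without showing what either looks like in practice. The following is an added example written for this page, not code from Sanlam or from the presentation: it chains SHA-256 digests over a small set of constructed authentication events so that any later alteration, deletion or reordering is detectable, and it runs one simple correlation (a run of failed logins followed by a success for the same source and user) over the same events. The event records, field names and threshold are assumptions chosen for the illustration.

```python
import copy
import hashlib
import json
from collections import defaultdict

# Constructed sample security events (hypothetical, not from any real environment).
# Each record is one authentication event as a log collector might normalise it.
SAMPLE_EVENTS = [
    {"ts": "2024-01-10T08:00:01", "src": "10.0.0.5", "user": "alice", "event": "login_failed"},
    {"ts": "2024-01-10T08:00:03", "src": "10.0.0.5", "user": "alice", "event": "login_failed"},
    {"ts": "2024-01-10T08:00:05", "src": "10.0.0.5", "user": "alice", "event": "login_failed"},
    {"ts": "2024-01-10T08:00:09", "src": "10.0.0.5", "user": "alice", "event": "login_success"},
    {"ts": "2024-01-10T08:01:00", "src": "10.0.0.7", "user": "bob", "event": "login_failed"},
    {"ts": "2024-01-10T08:01:30", "src": "10.0.0.7", "user": "bob", "event": "login_success"},
    {"ts": "2024-01-10T08:02:00", "src": "10.0.0.9", "user": "carol", "event": "login_success"},
]

GENESIS = "0" * 64  # fixed starting value for the chain


def canonical(event):
    """Serialise an event deterministically so the same record always hashes the same."""
    return json.dumps(event, sort_keys=True, separators=(",", ":")).encode("utf-8")


def hash_chain(events):
    """Preserve events as a hash chain: each digest covers the record and the previous digest,
    so altering, dropping or reordering any record changes that digest and every later one."""
    digests = []
    prev = GENESIS
    for ev in events:
        prev = hashlib.sha256(prev.encode("ascii") + canonical(ev)).hexdigest()
        digests.append(prev)
    return digests


def first_divergence(events, digests):
    """Recompute the chain over `events` and return the index of the first record whose
    digest no longer matches the stored `digests`, or -1 if the evidence is intact."""
    recomputed = hash_chain(events)
    for i, (a, b) in enumerate(zip(recomputed, digests)):
        if a != b:
            return i
    if len(recomputed) != len(digests):
        # All shared positions match but records were appended or truncated at the tail.
        return min(len(recomputed), len(digests))
    return -1


def verify_chain(events, digests):
    """True when the stored digests still match the records exactly."""
    return first_divergence(events, digests) == -1


def correlate_bruteforce(events, threshold=3):
    """Correlate events per (source, user): flag a run of at least `threshold` failures
    that ends in a success, the pattern of a guessed or sprayed password."""
    failures = defaultdict(int)
    flagged = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = (ev["src"], ev["user"])
        if ev["event"] == "login_failed":
            failures[key] += 1
        elif ev["event"] == "login_success":
            if failures[key] >= threshold:
                flagged.append(key)
            failures[key] = 0  # a success closes the run either way
    return flagged


if __name__ == "__main__":
    digests = hash_chain(SAMPLE_EVENTS)
    print("chain intact:", verify_chain(SAMPLE_EVENTS, digests))
    tampered = copy.deepcopy(SAMPLE_EVENTS)
    tampered[3]["event"] = "login_failed"  # someone rewriting the record of their own success
    print("first altered record:", first_divergence(tampered, digests))
    print("suspicious logins:", correlate_bruteforce(SAMPLE_EVENTS))
```

The digests would be written to storage the event source cannot reach (a separate log server or a write-once medium), because a chain stored beside the events it protects can simply be regenerated by whoever alters them. The correlation rule is deliberately the simplest one; the point is that it works on the preserved records, so an analyst can later show exactly which events produced the alert.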
Sanlam’s response: SANLAM GROUP CYBER RESILIENCE FRAMEWORK
Governance:
- Cyber Strategy & Budget
- Regulatory Watch
- Staffing
- Resilience Assessment
- Cyber & Security skills assessment & Training
- Assurance Reporting
- Security Awareness
- Risk Management
- Performance Management
- Sourcing
Early Warning Monitoring:
- Cyber Intelligence Management
- Maintenance, Monitoring & Analysis of Audit Logs
Response:
- Cyber Forensics
- Cyber Crisis Management
- Incident Response & Management
- Data Recovery Capability
Destroy | Deceive | Degrade | Disrupt | Deny | Detect
Prevent:
- Device Inventory
- Vulnerability Assessment & Remediation
- Email & Web Browser Protection
- Secure Configuration of Firewalls, Routers & Switches
- Application Software Security
- Software Inventory
- Administration Privileges
- Network Ports, Protocols & Services
- Data Protection
- Account Monitoring & Control
- Penetration Testing
- Secure Configuration of Mobiles, Desktops & Servers
- Malware Defence
- Boundary Defence
- Controlled Access
- Wireless Access Control
- Advanced Threat Detection
Basis of Information Security Capabilities & Control
Your responsibility: SO, WHAT SHOULD YOU DO?
Do you know how the data that you are the custodians of is stored, managed and governed?
Is your own environment safe?
How do you handle data between your clients, administrators, funds and service providers?
Have you completed the cyber security checklist as part of your service provider assessment?