A joint press release issued last year by U.S. federal bank regulatory agencies announced the requirement for financial institutions to provide a notification within 36 hours after a confirmed cyber incident. These measures are a result of increasing cyberattacks targeting financial institutions in recent years. Managing this compliance in-house can be difficult for many organizations. Outsourcing to an MDR provider is an option, and in this blog, we outline 7 tips for finding the right one.
Cybersecurity attacks are prominent nowadays, with cybercriminals motivated to steal personally identifiable information (PII) and leverage this information for financial gain. As financial institutions frequently handle sensitive customer PII and finances as part of their day-to-day operations, they can be especially appealing targets to attackers.
Financial institutions know that they hold a great responsibility to their clients as stewards of both their money and their data. Sometimes this responsibility might seem overwhelming – it is no small feat for any organization to keep up with ever-evolving technologies, maintain regulatory compliance, stay ahead of cyber threats, and manage the complex requirements of the ordinary business day. Security controls are expensive to implement because they require investment in tools, people, training, and technology – and they all come with a cost.
Thankfully, these institutions can offload some of the burdens to a Managed Detection and Response (MDR) provider that can perform some of the heavy lifting and ultimately be a first-responder should a security incident occur.
If your organization plans to enlist the help of an MDR provider to enhance your security posture, here are 7 key things to consider in your evaluation:
- Device Coverage
Consider an MDR provider that uses a layered security approach to securing clients – in other words, one that applies multiple security controls within organizational systems to help cover any potential gaps. A good MDR provider should support, manage, monitor, and perform remediation on your current devices, which range from mobile devices and endpoints to firewalls and cloud services.
- People and Operations
An MDR provider must have qualified security professionals doing the right work to fulfill your company’s unique security needs. Evaluate their security staff’s certifications and capabilities to better understand how the MDR provider invests in their people. Additionally, an MDR provider should be reachable and available 24x7x365 to ensure you get the coverage you need, whenever you need it.
- Portals and Reports
MDR providers should make reports readily available to you, such as through a customer portal. Report data helps you evaluate your current cybersecurity posture and better prioritize security tasks. Be sure that you can access reports as needed, and that they provide key information so you can assess and review the services rendered and confirm that your vendor is meeting critical SLAs and metrics.
- Tools and Technology
To meet regulatory requirements, any third-party vendor you hire must also meet compliance standards. MDR providers are no exception: they should provide transparency about the tools they use to deliver their service to you, so that you can identify any potentially vulnerable applications that could have an impact on your organization.
- Vulnerability Discovery
To keep systems updated and your current configuration secure, an MDR provider should work with you to assess and review your current cybersecurity posture through vulnerability scans, assessments, and penetration tests. They should also provide recommendations on how to remediate the vulnerabilities they find.
- Security Awareness
Identify how an MDR provider keeps up with security news, the changing threat landscape, and attacker trends. Ask what actions they take to ensure that they can detect and monitor the latest threats, as well as how they would work with you to maintain security awareness within your organization.
- BCP and Due Diligence
The continuity of an MDR provider’s operations is critical to your security, so it’s important to ask how your vendor plans to fulfill their obligations to you if they have a disruption in their business. We recommend selecting an MDR provider that falls under the Federal Financial Institutions Examination Council’s (FFIEC) oversight to ensure that the vendor understands their regulatory requirements, has passed their compliance review, and provides reporting to meet compliance.
In addition to these considerations, institutions should also select an MDR provider that is a good fit for the needs of their operations and within budget. Overall, any MDR provider you choose should demonstrate their efficiency and effectiveness in improving your organization’s cybersecurity posture and act as a direct extension of your in-house IT team or work directly with your other IT partners.
Explore what SilverSky has to offer as an MDR provider. If you have any questions, contact us.