The BBA is now integrated into UK Finance. Please go to www.ukfinance.org.uk for new content and updates from UK Finance.
Material published by BBA prior to 1st July 2017 is still available on this website.
From 1 July 2017, the finance and banking industry operating in the UK will be represented by a new trade association, UK Finance. It will represent around 300 firms in the UK providing credit, banking, markets and payment-related services. The new organisation will take on most of the activities previously carried out by the Asset Based Finance Association, the British Bankers’ Association, the Council of Mortgage Lenders, Financial Fraud Action UK, Payments UK and the UK Cards Association.x
There were a record number of breaches globally and in the UK in 2015, many of which involved highly skilled attackers leveraging sophisticated techniques. While the hackers of the world are becoming more advanced, so are the cybersecurity programs and technologies we employ to combat the threats. However, it has never been more important to remember the basics. While the security controls and safeguards that were being broadly adopted 10 years ago are now considered security basics, they are still being overlooked or not implemented with appropriate rigor.
The shiniest tools and technology – from data loss prevention software to network access control solutions to web application firewalls – rely on a strong IT security foundation to be in place. If the fundamentals of that foundation are not strong, these “fancy” new security tools cannot completely prevent breaches or security incidents.
The top three areas in which we see issues in banks of nearly any makeup and size are: passwords, patches and permissions.
So as 2016 unfolds, let’s not shrug our shoulders at the mundane and tedious tasks that constitute security basics; instead, take them on. Passwords, patches, and permissions may be boring as well as challenging to tackle, but doing so will improve the cybersecurity posture of your organisation. And, if you are one of the lucky ones with a budget to buy one of those shiny, new tools in 2016, attending to security basics will make its implementation that much easier.