AUTHOR
Penetration testing for financial service providers: Plan. Prepare. Respond with RSM
Penetration testing lets financial organisations safely test their data security.
In today's digital landscape, safeguarding sensitive data and fortifying cyber security defenses have become paramount. Data security and privacy have become a primary focus area for financial institutions, such as mortgage brokers, banks, and insurance providers.
As legislation continues to change around the protection of personal information in the finance industry, one of the key things that financial organisations can do is conduct a penetration test to confirm that cyber criminals cannot extract data from their environment.
Bavani Chetty is a senior manager in the Cyber Security and Privacy team at RSM with over two decades of experience in I.T. operations and Cyber Security. Watch as she discusses the importance of penetration testing for financial organisations, RSM's experience and expertise in safely conducting penetration tests and the benefits of outsourcing penetration testing to an independent party.
If you've ever wondered why a penetration test is a useful tool for financial organisations, Bavani puts it best.
"Why not get somebody to try and break into your environment before the real attacker does?"
READ TRANSCRIPT
My name is Bavani Chetty, I'm a senior manager in the Cyber Security and Privacy team at RSM. I have over two decades of experience in I.T. operations and Cyber Security.
Being a cyber resilience professional for years I understand that as a financial organisation you always need to be on. One of the key concerns for many executives and I.T. managers, when we chat to them, is what's the probability of you bringing my systems down, during your penetration test? I assure you RSM has done this with multiple clients. We know what to do and how to do it to ensure that we do not bring anything down.
We understand what is important to your teams. We understand what is important to your business. We spend that additional time with your team members to understand the critical systems and ensure that we do not impact them during our penetration tests.
A penetration test allows you not to just confirm that the policy or the tool is configured to protect the organisation, but rather to test its effectiveness against it. Why not get somebody to try and break into your environment before the real attacker does?
As a financial institution such as a mortgage broker, a bank, or an insurance provider, one of the key things that you need to focus on is protecting personal information.
As the legislation continues to change around the protection of personal information in the industry one of the key things you can do is conduct a penetration test to confirm that cyber criminals cannot exfiltrate data from your environment.
Many financial organisations actually have their own in-house penetration testers. This is really useful in helping you identify vulnerabilities within your environment.
However, what's even more useful is having an independent party that comes in to test your effectiveness of your controls. This allows for management to have that assurance that all areas of their I.T. infrastructure is tested and not only those that are matured by their in-house I.T. team.