Heard at Ops: Enhancing Cybersecurity and Preparedness with Andrew Retrum

As part of the Heard at Ops series, Andrew Retrum of Protiviti talks about the latest cyber threats, the ION outage’s impact on the financial services industry, and protecting firms and the sector against evolving threats. Watch the video and read the Q&A below.


Q. What are the latest cyber threats and how are they evolving?

The threat landscape for the financial services sector has been consistent. It is in an elevated state and has been for the past several years. The threats are a combination of business email compromises, systems that are not configured correctly, and identity and access-related issues that allow a bad actor to have access into the environment.

What adds to that is a new wrinkle with regards to a couple of different things:

  1. Third party attacks that we are seeing more consistently – The ION outage is a good example of where the bad actor has not attacked the financial firms themselves, but rather the third parties they rely upon across the market. We will see more of that going forward.
  2. Emerging technology – While firms are looking to work with and integrate AI, quantum computing and other new technologies into the business, so, too, are the bad actors looking to those technologies and how they can leverage it in the future.

Q. Describe the impact of the ION outage.

The ION ransomware attack was a very telling example – a real world case study – on how prepared the sector is to respond and recover from an adverse event like that. A number of positive things came out of it. At the sector level, it was a demonstration of the ability to recover, work together and collaborate in a thoughtful way to limit the disruption across the various business services overall.

But it was also an eye-opening experience: I believe many firms felt the disruption and although not a significant impact, left many wondering what if?

Q. What should firms be doing to protect data and prepare for future threats?

What firms can do to protect their data and limit disruption to their business is a discussion that we, as cyber practitioners, have every day. Firms must provide security awareness training to their employees and users (for example, identifying and not clicking on bad links), have identity and access protocols in place as well as patch and change management across their systems and infrastructure. These are not new concepts.

But if you look at the breach data over the past several years, one or more of those foundational elements contributed to cyber issues. First and foremost, those types of foundational elements must be managed within your security program. More importantly than that, given the evolving threat landscape, we always encourage firms to address blind spots. As an example, with ION, firms are looking into how they can better understand the critical path of the business services they provide and those assets along with it.

Andrew Retrum is a Managing Director at Protiviti. He is part of Protiviti’s Global Cybersecurity Leadership team and is the National Financial Services Security & Privacy Practice Lead.