Teaming up with... AVIVA

Welcome to the UKGI weekly regulation update service for Aviva ABC brokers

We hope you find the Updates useful. If you are interested in subscribing to our affordable ABC compliance support package, please email us at ABC@ukgigroup.com or call UKGI on our dedicated ABC contact line 01925 767893.

FCA publishes insights from the 2021 Cyber Coordination Groups (CCGs)

Link(s): Insights from the 2021 Cyber Coordination Groups | FCA

Context

Since the CCG programme was launched in 2017, the CCGs have brought together cyber security and technology risk leaders from industry in shared forums and connected them with multiple authorities responsible for cyber resilience across the financial sector, to discuss key topics in a secure environment. The member firms were joined by representatives from UK financial authorities and UK Government agencies (the Authorities) including the Treasury, the FCA, the Bank of England, the National Cyber Security Centre (NCSC) and the National Crime Agency (NCA).

Key points to note

The key insights discussed in this publication include:

  • Malicious cyber actors targeting internet-facing systems such as email servers and virtual private networks (VPNs) with newly disclosed vulnerabilities, ransomware attacks using Remote Desktop Protocols (RDP) and unpatched devices, denial of service attacks, and inadequate supply chain oversight leading to supply chain compromise.
  • The coronavirus (Covid-19) pandemic continued to impact the sector in 2021, with the challenges posed by remote and hybrid ways of working.
  • Emerging trends in cyber security risks include supply chain compromise and exploitation of zero-day vulnerabilities.
  • The importance of board engagement in setting the organisational cyber risk appetite. This also extends to board support in measuring the effectiveness of cyber security postures, and board assurance that supply chain partners effectively protect the information shared with them.
  • Several common good practices can be used for implementing security in the early stages of the software development cycle (also known as DevSecOps). These include empowering rather than mandating security practices, and giving development teams access to security tools.

Next actions

None – for information and awareness