Cyber Security Update - Surrey 1- North… · • Programme Maturity Evaluation (External Firm) •...


Page 1: Cyber Security Update - Surrey 1- North… · • Programme Maturity Evaluation (External Firm) • SSAE/16 SOC1 Technology Control Assessment (KPMG) Industry Participation and Best

1 northerntrust.com | © 2017 Northern Trust

CORPORATE RISK MANAGEMENT

Business and Cyber Security Update
Surrey County Council Pension Fund

Darren Seary, Senior Vice President, Information Security and Technology Risk Management
Richard Smith, Relationship Manager, Institutional Investor Group

Page 93

Page 2

NORTHERN TRUST: BUSINESS PROFILE

A highly focused business model supporting two client bases across a single operating platform.

Strength and Stability (value):
• Assets under custody (Q2 2017): US$ 7.4 trillion
• Assets under management (Q2 2017): US$ 1 trillion
• S&P long-term debt rating: AA-
• Tier 1 capital ratio: 13.4 %
• Office locations (countries): 25
• Client locations (countries): 56
• Revenue (Full Year 2016): US$ 4.96 billion
• Net income (Full Year 2016): US$ 1.03 billion

Wealth Management: leading advisor to the affluent market
• Individuals
• Families
• Family offices
• Foundations
• Endowments
• Privately held businesses

Institutional Services: global provider of investment services for institutional investors
• Pensions
• Sovereign entities
• Fund managers
• Foundations & endowments
• Insurance companies

Business lines: Asset Management, Asset Servicing, Banking

As at 31/12/2016 (updated annually). Source: Northern Trust

Page 3

GLOBAL COVERAGE, LOCAL EXPERTISE

[Map of office locations] Offices shown: New York, Toronto, Chicago, Tempe, Dublin, Limerick, London, Guernsey, Amsterdam, Luxembourg, Stockholm, Frankfurt, Abu Dhabi, Riyadh, Bangalore, Pune, Beijing, Hong Kong, Tokyo, Seoul, Kuala Lumpur, Singapore, Manila, Melbourne, Sydney.

• Clients in 56 countries
• 20,839 Staff Worldwide*
• Services in 103 markets
• A Network of Offices in 19 States and Washington D.C.

As at 03/31/2017 (updated quarterly). Source: Northern Trust

*Total employees, 17,604 of which are permanent

Page 4

INDUSTRY THREATS AND RISKS TO NORTHERN TRUST

Cyber attacks growing in size and complexity…

• Boards More Cyber Conscious
• Increased Regulatory Attention
• Increased Client Attention and Transparency

Threat Landscape:
• Ransomware
• Attacks on Payment Systems (Swift)
• DDoS Attacks
• Social Engineering
• Next-Gen Malware
• Malicious Insiders
• Hacktivists & Nation States
• Advanced Spear Phishing

Page 5

SWIFT CYBER SECURITY CONTROLS

Following high-profile reports of incidents affecting members of their global payments network, SWIFT launched a security programme to clearly define an operational and security baseline that members must meet to protect the processing and handling of their SWIFT transactions.

Compromises were generally a result of weak client-side controls*:
• Hackers gained access to and manipulated the SWIFT Alliance Access server software.
• Hackers took control of credentials that were used to log into the SWIFT system.
• Members' computer security measures were seriously deficient, lacking even basic precautions like firewalls.

Actions taken by Northern Trust:
• Northern Trust did not use the SWIFT configuration compromised in the attack on the Central Bank of Bangladesh.
• Northern Trust has conducted an assessment against SWIFT security programme requirements which showed a high level of compliance and a robust control environment.
• Additionally, all SWIFT patches have been implemented and are up to date.
• Any patches sent by SWIFT are applied same-day in test and put into production as soon as change windows allow.
• The Deputy CISO and the Director of SWIFT Operations are on the US SWIFT group subcommittee for technology.
• Northern Trust continues to make significant investments in our security infrastructure, including isolation of certain systems, increased use of two-factor authentication, enhanced logging and monitoring, and additional anti-malware controls for computers accessing the SWIFT network.
• Finally, Northern Trust has engaged an independent firm to evaluate end-to-end SWIFT and Payment controls.

*http://www.reuters.com/investigates/special-report/cyber-heist-federal/

Page 6

DISTRIBUTED DENIAL OF SERVICE ATTACKS

There have been a number of high-profile Distributed Denial of Service (DDoS) attacks reported in the press. A notable feature of these attacks is that much of the traffic originated from ‘Internet of Things’ devices (Internet-connected webcams, digital video recorders etc.). DDoS attacks are unquestionably increasing significantly in both size and number.

Northern Trust’s DDoS protection incorporates:
• A series of DDoS solutions, both internally and externally through the industry's leading provider of DDoS mitigation (volumetric and application layer).
• A cyber threat intelligence programme to proactively identify and respond to new threats.
• Participation in industry working groups, including those focussed on Denial of Service analysis and response.

Page 7

RANSOMWARE

Ransomware is a cyberattack involving malware that encrypts data in order to prevent user access. A ransom demand requests payment – typically in virtual currency (such as Bitcoin) – to provide the key to decrypt the data. These attacks are becoming increasingly common, affecting institutions (private and public) and individuals alike.

Northern Trust’s response to the threat posed by ransomware (and other malware) includes:
• Multiple layers of anti-malware solutions to detect and prevent malicious emails.
• User awareness training, including regular phishing simulations, to educate staff on safe email practice.
• Robust data backup and recovery procedures.
• A well-defined incident response structure, incorporating the Cyber Threat Fusion (CTF) incident response group, and involving risk workshops/table-top exercises to prepare for different threat scenarios.

Page 8

INFORMATION SECURITY GOVERNANCE

Risk management culture and organizational structure key to ensuring security and stability

Information Security Organisation (org chart):
• Chief Information Security Officer
  • Regional oversight and client and partner engagement
  • Governance and technology risk
  • Cyber security testing
  • Security technology and operations
• Chief Risk Officer
• Chief Technology Officer
• Chief Operating Officer

Risk Mitigation Disciplines:
• Robust governance and leading risk management practices
• Enterprise-wide threat monitoring and vulnerability management
• Comprehensive staff awareness programs on security and privacy risks
• Rigorous assessment and management of 3rd party vendors
• Use of external security SWAT teams to validate effective IT controls

Page 9

INFORMATION SECURITY RISK GOVERNANCE

In addition to the various information security controls managed and monitored within the organisation, Northern Trust uses external third party security teams on a regular basis to assess effectiveness.

Page 10

NORTHERN TRUST’S APPROACH TO INFORMATION SECURITY

Northern Trust manages information security risks with the same commitment to excellence that we apply to understanding our client’s financial needs.

Protecting Northern Trust’s client information is a top priority requiring attention at all levels.

Oversight and Assessment:
• Enterprise-wide threat and vulnerability risk management
• Active Vendor Risk Management Framework (Assessment, Due Diligence, Review, Off-boarding)
• Frequent independent audits, assessments and penetration testing
• Business continuity management (Backup & Recovery, Contingency Plans, Crisis Management)
• Cyber simulations and resiliency exercises

Layered Design:
• Robust information security framework and control standards (NIST, ISO, COBIT)
• Physical and logical security perimeter
• Layered and comprehensive defenses including:
  • IPS, anti-malware, patching, DLP, and encryption
• 24x7x365 security monitoring and incident response
• Access management (least privilege principle and separation of duties)

Secure Services:
• Secure online platform for transaction services (Passport®)
• Secure application development life cycle
• Advanced security measures providing strong authentication and identification protection
• Fraud detection using machine and user behavior
• Strict data protection policy including access rules and procedures for personal information

Page 11

ASSESSMENT OF EFFECTIVENESS

Northern Trust’s security programme and controls are validated at various levels.

Regulatory Oversight and Examinations
• Examined regularly by various global regulatory entities
• Focus on Information Security Examinations
• One-off security questionnaires/surveys

Third Party Testing/Validations
• Ongoing Penetration Testing (External Firm)
• Programme Maturity Evaluation (External Firm)
• SSAE/16 SOC1 Technology Control Assessment (KPMG)

Industry Participation and Best Practices
• Cyber simulations, table-tops, industry threat sharing exercises

Self Assessment
• Control Validation
• Northern Trust ‘Red Team’
• Phishing Simulations
• Comparative Analysis to Industry Frameworks (e.g. NIST, FFIEC etc.)
• Application Code Analysis Tools
• Comprehensive Risk Assessment

Internal Audit
• Independent Review of Control Adequacy
• Targeted Assessments of Cyber Protections and Security Awareness

Page 12

NORTHERN TRUST PARTNERS – A CULTURE OF PROTECTION

The importance of Privacy and Security is embedded within the organisation.

Privacy & Security Champions
• Over 340 Privacy & Security champions globally
• A collaborative partnership between Corporate Risk & Compliance and Business Units
• Defined aims and objectives:
  • Reducing the number of privacy incidents
  • Increasing awareness of external threats (phishing)
  • Raising awareness of secure communication requirements
  • Identifying their business unit’s privacy & security risks
  • Embedding EU GDPR requirements
• Tools and resources:
  • Sharepoint site for collaborative working
  • Monthly newsletter
  • Regional and global knowledge sharing sessions

Global initiatives
• Th!nk Privacy
• Protect The Trust
• EveryDay Secure
• Security on Demand
• Phishing Simulations

Page 13

THE CYBER THREAT FUSION (CTF) PROGRAMME

The NT CTF programme provides intelligence-driven capabilities to proactively prevent, detect and respond to cyber threats in a consistent fashion. The CTF programme considers a holistic approach to cyber security by defining the processes and collaboration required between NT teams (such as the teams listed below).

Page 14

ALIGNMENT WITH CLIENTS, INDUSTRY, & GOVERNMENT

Our approach is refined through effective engagements with clients, government entities, regulatory bodies, and industry groups, incorporating methods from industry, government, military and academic research.

• Strategic, frontline intelligence - multiple providers
• Alignment of Threat Sharing Organisations – FS-ISAC, US CERT, UK Cybersecurity Information Sharing Partnership (CiSP), local law enforcement
• Investment in expertise
• Investment in industry partnerships

Page 15

DISCLAIMER

© 2017 Northern Trust Corporation. Head Office: 50 South La Salle Street, Chicago, Illinois 60603 U.S.A.

These presentation materials are the proprietary and confidential information of Northern Trust. A recipient (including a body corporate) which has received these materials direct from Northern Trust is permitted to store, print and use them for the recipient’s own use only. A recipient who/which has not received these materials direct from Northern Trust is granted no permission or licence to use the materials in any way. In no event may any recipient publish, retransmit, redistribute or otherwise reproduce any of the presentation materials in any format for any third party, nor use the presentation materials in, or in connection with, any business or commercial enterprise, without the express written permission of Northern Trust. No changes or deletions may be made to any copyright notice included within the presentation materials.
