The Group of 7 (G-7) has published the “fundamental elements” of best practices in cybersecurity for public and private entities in the financial sector, a publication that highlights the international effort to protect global finance in the wake of a series of cyber bank heists and finance sector attacks.
The G-7 is comprised of the U.S., Great Britain, Canada, France, Germany, Italy and Japan and is an informal bloc of industrialized democracies that meets annually to discuss issues such as global economic governance, international security and energy policy.
From our perspective, the G-7 announcement will raise international attention on the daily threat posed to the global financial system by rogue hackers and cyber thieves. It’s a timely message that we’ve carried to our clients and to regional and national risk management and insurance conferences where we’ve given presentations.
Keep in mind that the U.S. Department of Treasury has been instrumental in helping craft these new non-binding G-7 elements. The elements, as described by the G-7, serve as the building blocks upon which an entity can design and implement its cybersecurity strategy and operating framework, informed by its approach to risk management and culture.
Sera-Brynn was the only cyber security firm invited to support Treasury’s work on the initial framework. In April, our CEO Rob Hegedus was invited to the Department of Treasury to discuss cybersecurity best practices and future trends within the financial services sector. Sera-Brynn was the only cyber security company present at the meeting.
The event was in support of the overall cybersecurity posture of the United States’ financial services industry, a mission that has become a national security priority for executive agencies. Our presence at the meeting signaled an effort on the part of the federal government to bring in private sector counterparts to jointly tackle this issue and partner together toward the best solutions for the American public.
It also underscored our firm’s focus on and close association with the legal community, as the event was co-sponsored by the American Bar Association.
One thing that we like about the publication of the G-7 elements is that it shows the cooperation and resolve of the international community to thwart bad actors in the cyber realm.
The G-7’s eight cybersecurity elements include:
—Establishing and maintaining a cybersecurity strategy and framework tailored to specific cyber risks and appropriately informed by international, national and industry standards and guidelines;
—Governance by defining and facilitating the performance of roles and responsibilities for personnel implementing, managing and overseeing the effectiveness of the cybersecurity strategy and framework to ensure accountability;
—Risk and control assessment through identifying functions, activities, products and services and prioritizing their relative importance while assessing their respective risks, as well as incorporating other controls;
—Establishing systematic monitoring processes to rapidly detect cyber incidents and periodically evaluate the effectiveness of identified controls, including through network monitoring, testing, audits and exercises;
—A response component to assess, contain, notify and coordinate;
—A recovery feature in which operations can be resumed responsibly while allowing for continued remediation;
—Information sharing to engage in the timely sharing of reliable, actionable cybersecurity information with internal and external stakeholders;
—Continuous learning to address changes in cyber risks, allocate resources, identify and remediate gaps and incorporate lessons learned.