Focus on Funds: How the Fund Industry Is Defending Against Cyberattacks


Focus on Funds

How the Fund Industry Is Defending Against Cyberattacks

Cyberwarfare is moving more quickly than ever. In the February 8, 2019, edition of Focus on Funds, cybersecurity expert Ron Plesco discusses the changing nature of attacks and the best lines of defense.  


Stephanie Ortbals-Tibbs, ICI director of media relations: Cybersecurity is changing in the blink of an eye. Actually, it’s even faster than that—today’s attacks come on within nanoseconds. At ICI’s recent Cybersecurity Forum, we got some advice on how to combat these new fast-moving actors.

Ron PIesco, principal, cyber response services, KPMG: So from a theme standpoint, it’s understanding the threat. [It’s] staying on top of that, and doing that in real time—not human time, but machine time, within nanoseconds. And how do you do that, and how do you do that when the threat is so asymmetric and changes much like the weather does: every day, every week?

Ortbals-Tibbs: What are you suggesting for them as some tricks of the trade as to how to manage this?

PIesco: It cannot be eyes on glass; it can’t be people doing this. It has to be done in machine time. Threat actors—they’re doing machines as well, right? So they’re using artificial intelligence and bringing that to bear to exploit your network and take what they need to take. Gone are the days that you can have the people behind the machine trying to protect it and react.

Ortbals-Tibbs: What you’re talking about with folks is that as you say, for many years, they might have thought about the people they had to fight cyberattacks. And now, it’s also maybe to a completely new level in terms of the technology they need to have to fight cyberattacks.

PIesco: Yeah, 100 percent—so it’s, you have to make that investment. It’s always going to be a people process and technology. You have to have the right technology and the right people that understand it, but as the threat’s real time, within nanoseconds.

Ortbals-Tibbs: Are there things that you think, you know, people could take into their work in cybersecurity, at all levels within the industry?

PIesco: Sure, I think one thing is you have to understand and think like a threat actor—the criminal—to have a good perspective on what they’re after and their tactic, techniques, and procedures, so you appreciate what the threat’s doing. So, when I deal with these type[s] of issues, I personally think, “How well am I protected?” So what do I have that they’d go after similarly, and how do I protect that? So I think that’s sort of the gut instinct.

Additional Resources