The Criticality of Intelligence-Led Defence (“ILED”) in the Financial Services Sector
-
January 08, 2024
-
In their annual 2023 CBEST Thematic, the UK Financial Authorities have for the first time prominently underscored the significance of “intelligence-led“ defence within the financial services industry. By depicting an overarching intelligence-led cybersecurity model, the report has demonstrated a significant shift in expectation, articulating intelligence-led defence as the gold standard within the financial services sector. Aligned clearly to the Operational Resilience approach deployed in 2022, a transition mandated for Financial Services firms by March 2025, intelligence-led defence allows organisations to prioritise resources and focus on real-world threats which pose credible risks to important business services.
What is Intelligence-Led Defence (“ILED”)?
Traditional cybersecurity risk management models within organisations cast a wide net, attempting to implement cybersecurity controls to protect against all possible threats. However, no two organisations are the same, and neither are the types of cybersecurity incidents they are most susceptible to. This approach is also largely inefficient from a resource allocation perspective, risking lower return on investment from both human and financial capital. Alternatively, by using an intelligence-led defence (“ILED”) model, organisations can focus their security efforts and budgets on the threats specifically relevant to their size, industry, customer base, location, and more.
ILED uses tailored, enriched threat intelligence to enable proactive cybersecurity risk management. The approach allows for prioritised resource investment, contextual and relevant reporting to executives and regulators, and enhanced risk visibility based on real-word threats to organisation. Entities rely on ILED to provide the essential framework aligning with the evolving regulatory standards on both sides of the Atlantic.
Of notable importance is also how the ILED framework is configured, deployed, and operated. Each organisation is intrinsically different, meaning each part of the framework needs to be designed and built to suit. Each criterion and filter should be configured to produce the correct levels of accuracy in output, and each control should be considered as part of the overall solution rather than deployed in a silo.
ILED and Financial Services
Including ILED as an overarching concept in the 2023 CBEST update highlights the importance of this approach in the financial services industry. With entities engaged in high-frequency and quantitative trading capable of triggering market fluctuations within minutes, managing colossal volumes of customer data spanning exabytes, and facilitating immediate access to trillions of dollars in assets and capital, the gravity of potential threats is vividly evident, however the range of threats varies greatly depending on the type of financial institution.
While consumer banks may face great risk from threats to access to funds, large commercial lenders may be at much greater risk from threats to the stock market and key counterparties. Organisations have finite resources when it comes to cybersecurity, and allowing an organisation to proactively identify areas where controls may be better deployed or configured will allow them to mitigate the risks from their unique threat profiles more effectively.
With the addition of ILED to CBEST, financial institutions will now be expected to incorporate an intelligence-based defence model into their overall cybersecurity strategy. Organisations still using threat-based models will need to explain themselves to regulators and could down the road face penalties should the expectation become a regulation or requirement.
While the ILED model is an ideal fit for financial services organisations, it can and should be used throughout all industries, and for companies of all sizes. The principles of ILED are not specific to financial services and can be applied to help any organisation improve their cybersecurity intelligence and risk management efficiently and effectively.
How FTI Cybersecurity Can Help
FTI Cybersecurity is at the forefront of championing the intelligence-led defence concept, and our experts have extensive experience in guiding clients through this strategic approach.
The ILED Framework developed by FTI Cybersecurity bridges the gap between cybersecurity threat intelligence and cybersecurity risk management. It offers a holistic view of the threats organisations face, supports threat modelling, informs upon threat manifestation, and articulates how threats impact organisational operational resilience. FTI Cybersecurity works collaboratively with organisations to reshape processes, enabling the effective consumption of threat intelligence and enhancing risk visibility.
FTI Cybersecurity can help, support, advise, and build an ILED framework for organisations, assisting with the navigation of a host of operational and procedural challenges, and providing experts and solutions to reach an intelligence-led outcome. At the start, that may be as simple – and significant – as explaining why intelligence-led is not ‘just another cyber trend’ to business leaders and stakeholders.
After the implementation is complete, FTI Cybersecurity assists organisations with documentation, reporting, and analysis that shows regulators they are reasonably protected through their ILED cybersecurity controls. FTI Cybersecurity experts have experience working for and with regulators that can be leveraged to demonstrate proper understanding and implementation of ILED within an organisation.
Offering enhanced return on investment to major global businesses and small and medium-sized enterprises (“SMEs”) alike, ILED is scalable and can be offered as a dedicated, managed, or syndicated service ensuring that complexity is not a barrier to effective cyber intelligence acquisition and appropriate cyber risk management.
Now more than ever, the complex worlds of cybersecurity and technology regulation constantly evolve and intertwine. FTI Cybersecurity remains available to help clients navigate that path effectively, aligning with global compliance and regulation requirements as they do.
Published
January 08, 2024
Key Contacts
Senior Managing Director, Head of EMEA Cybersecurity
Managing Director
Senior Director