Focus on Funds

ICI Further Expands Its Cybersecurity Resources

Renowned “white hat” hacker Kevin Mitnick will speak at ICI’s Cybersecurity Forum on November 10. In the September 23, 2016, edition of Focus on Funds, ICI Senior Director Peter Salmon details the conference agenda, and outlines what members can gain from an ongoing survey.

Transcript

Stephanie Ortbals-Tibbs, ICI Director, Media Relations: Cybersecurity is a leading concern for the fund industry. And ICI’s become a leader on the issue, by convening some of the most nationally noted speakers and experts at its annual Cybersecurity Forum. This year promises to be no exception, and in fact, there is someone new and exceptional coming to the podium.

Peter Salmon, ICI Senior Director, Operations and Technology: It’s very exciting. We’re going to have opening the conference Kevin Mitnick, who’s a very well-known, infamous hacker, who’s gone on the straight and narrow for many years now, but he’s got a very interesting background. And I think the opening promises to be fascinating and it’s going to open a lot of eyes in the audience.

Ortbals-Tibbs: This isn’t just going to be a talk; it’s going to be very dynamic and interactive.

Salmon: There will be a hands-on, live demonstration, as opposed to just talking theory and what you’ve read in newspapers and so forth. You’ll actually see how somebody gets into a system and the techniques they use to take advantage of vulnerabilities.

Ortbals-Tibbs: And that’s not the only extraordinary speaker or topic on the agenda at this conference. What are some of the other highlights?

Salmon: Absolutely. We’ve got John Pescatore as our luncheon keynote speaker. He’s with the SANS Institute. He was formerly with the NSA. In terms of the panels, we’re going to be having one on threat intelligence. We’ll have one on how to communicate with the board—this has become more and more critical for CISOs [chief information security officers] to be able to communicate in English with boards of directors. And then we’re going to have one on an incident response and it’s actually going play out as an emergency. We’ve got representatives from different areas within a firm that are going to role-play what they would do during an actual emergency.

Ortbals-Tibbs: Our members engage in tabletop exercises and this is really a chance for them to come see another one in action and benchmark that against what they’re doing.

Salmon: That’s exactly right. They’ll be able to see how people handle things and it’s an opportunity to see where someone makes a misstep or how to adjust your own plans based on what you see.

Ortbals-Tibbs: Peter, this area is so active for us. What else should members be looking for in terms of our activities?

Salmon: This is the second year that we’ve launched our cybersecurity survey. It’s the only survey of its type that goes out exclusively to ICI members. It gives our members that participate the opportunity to look at their information security programs and how they stack up and compare to their peers within the industry—not financial services broadly, but just mutual fund firms. It’s a very powerful tool because they can see if their practices line up in areas A, B, and C, and yet they need to focus some resources on Area D. It becomes a very good tool to sit down with your board and the rest of management and really analyze your information security program.

Additional Resources

• 2016 Cybersecurity Forum
• ICI Information Security Resource Center
• ICI Viewpoints: Cybersecurity at Work: The Risks of Information Sharing
• Video highlights: 2016 ICI Global Cybersecurity Forum