How Asset Managers Can Strengthen Their Information Security
CISO Jana Thorén shares her insights about how information security can be used for Asset managers to fortify their organization.
Jana Thorén is ISEC’s new Chief Information Security Officer (CISO). With over 25 years of experience in information security, she previously served as a security manager at a major IT company. Now, she shares her insights about how Asset managers can strengthen their information security, to ensure a safe financial industry.
What does your role as CISO entail?
My primary task is to advise and manage our information security management system. This includes working towards goals, strategizing, educating, managing risks and incidents, and continuously improving the security system to prevent incidents. Moreover, we are working to get ready for an internal audit with the aim of becoming ISO 27001 accredited.
How does ISEC prioritize information security?
ISEC highly prioritizes information security so that clients can feel safe when using our systems and services. For ISEC, we see working with information security as our responsibility and duty toward our clients and the industry at large. We recognize the importance of protecting both our own and our client’s information assets and complying with existing regulations.
How You as an Asset manager can strengthen information security
Working with information security today is a necessity. Organizations no longer have the option to deprioritize these issues. This enables them to prevent incidents and educate both clients and employees. Addressing these challenges requires the right tools, training, and cross-industry collaboration to ensure a secure financial industry.
1. Use Secure AI Tools
AI tools help us detect attacks and improve certain processes, such as identifying irregularities in a development process or intrusion attempts. However, the same tools can also be used by attackers to find vulnerabilities. Therefore, it is crucial that leaders and employees have the right tools and training to ensure high security.
2. Train Employees about Phishing
Employees are a company’s most valuable asset but can also pose risks if they fall victim to phishing attacks. Studies show that 90% of security incidents begin with a phish. This is why employees should be trained to recognize and handle cyber threats.
3. Geopolitical Instability: Increase your Resilience and Protection
Today’s geopolitical instability also impacts financial security. Cyberattacks are used to spread disinformation and, more importantly, steal information to gain access to financial assets. The entire industry must work together to enhance resilience and strengthen protection.
