The Observer


Information Security - A Call to Action

by Arti Sharma, President & CEO, Northern Trust Company, Canada

As threats continue to mount, understanding and managing cyber security risks has become top of mind for leaders in business and government. Cyber security is widely considered one of the greatest challenges facing the financial services industry. While experts agree there is no foolproof solution, below are some high-level principles for operating in the 21st century cyberthreat environment.

Globally, we are in a state of heightened cyber alert
Business executives often ask how to manage confidential information. Experts agree on the key first step: Start with security. Factor it into the decision-making in every department of your business – such as personnel, sales, accounting, and information technology.

All cyber security programs must begin with a strong governance foundation: policies, standards, procedures and commitment from senior management are crucial building blocks for protecting data. In addition, performing a comprehensive analysis of the most critical information in your organization will provide transparency into the high-risk areas where the majority of your funds and attention should be directed. Common tips from top security experts:

  • Assess your ability to identify and defend against threats that make it past your defenses; it’s only a matter of time before they do.
  • Hire an independent third-party consulting firm to measure your cyber maturity levels against both an industry-established and trusted framework and relative to your peers.
  • Develop, insource or outsource operational capabilities for detecting threats that make it past your defenses, and empower that team with appropriate response capabilities.
  • Test your systems, applications, and security controls. Hire third-party information security compliance firms (“ethical hackers”) to identify hidden security weaknesses and potential vulnerabilities so that they can be addressed and mitigated before they can be exploited by cyber criminals.
  • Develop, document and test cross-functional incident response plans.
  • Take advantage of intelligence-sharing opportunities with peers, vendors, law enforcement, and industry affiliations (FS-ISAC).

  • Develop an understanding of your systems and environment in a “trusted” state, then monitor for changes or anomalies from that state.
  • Produce appropriate security logs across the spectrum of your environments and ingest them into a big data analytics platform.
  • Enrich the data with information that will help provide context to your analytic environment, such as Identity and Access information about your staff and vulnerability information from system and network scans.
  • Further enrich your analytic environment with strategic and tactical intelligence from vendors, peers, and industry affiliations. Explore visualization software to help refine security alerts into a more manageable interface.
  • Consider predictive behavioral analytic systems to help reduce workload into a smaller, more meaningful set of alerts (reduce the “white noise”).

  • Hire highly skilled technical staff; build your team with self-starters who possess the ability to work through stressful situations as part of a high-performance team. Supplement with curious, insightful problem solvers with strong communication skills.
  • Perform appropriate levels of background checks before onboarding new security hires; follow up with regular checks on an annual basis.
  • Stay current on the cyber security talent market and pay appropriately.
  • Provide and use the tools your team needs to be successful. Make security a top budget priority.
  • Develop, train and provide appropriate career advancement.

Please Note: The enclosed information is offered for consideration for your personal and corporate awareness. It does not constitute advice or counsel on security matters and may not be appropriate for your particular circumstances. You should obtain your own expert guidance and counsel on cyber security matters instead of relying on this information.


  Arti Sharma
  President & CEO
  The Northern Trust Company, Canada

Arti Sharma is President & CEO of The Northern Trust Company, Canada – a leading provider of asset servicing in the Canadian institutional investor market. Arti has over eight years of custodial consulting experience, during which she was the lead consultant on custodian searches, benchmarking custodians, reviewing clients’ current operating models and recommending future operating models. She also has over 20 years of experience primarily in the custody industry.