Building a Cybersecurity Team at LSEG
LSEG is a leading global financial markets infrastructure and data provider, playing a vital social and economic role in the world’s financial system, with significant operations in Sri Lanka.
In today’s digital age, cyber security is of utmost importance to all companies. Cyber attacks are becoming more frequent and sophisticated, and the consequences of a successful attack can be devastating. Therefore, having a strong cyber security team is essential for any company that wants to protect its assets and reputation.
Let’s find out a little more about the teams that make up LSEG’s cybersecurity team in Sri Lanka…
- Identity and Access Management:
The IAM team protects the organisation from unauthorized access, which could in turn lead to a data breach. Only authorized users are allowed access to LSEG’s networks, systems and sensitive data, and by ensuring access controls are in place, they are securely managed throughout the lifecycle of the data.
The IAM team ensures access controls are managed from the onboarding of financial applications to a centrally managed solution, to driving the access review and recertification program. They are mindful of the need to protect the confidentiality, integrity and availability of data, whilst limiting access only to those authorized to have it.
- Architecture Team:
The Architecture team reviews the security architecture of proposed designs, approves firewall rules, contributes to secure architecture design patterns, and simplifies the security architecture review process. Security architecture and design has to be robust and effective.
- Cloud Team:
The Cloud team monitors cloud security posture and configuration compliance, investigates and remediates cloud security alerts, assesses the risks associated with cloud configuration changes, and provides cloud security education to application teams. It ensures that cloud services are secure and compliant with our standards.
LSEG’s cybersecurity team has grown since its inception in 2017, from just five people to now fifteen highly qualified professionals.
LSEG’s cybersecurity team has built resilience through their digital-first approach, cross-functional resources, and dedication to identifying potential risks and vulnerabilities before they become major issues. By being distributed across various strategic global locations including UK, Sri Lanka, India, and Romania, they provide around-the-clock monitoring and support to ensure that LSEG systems and applications are appropriately safeguarded.
In addition to proactively protecting the organisation, the team focuses on maintaining a strong incident response plan and conducts regular tests and drills to ensure they can quickly and effectively respond to any security incidents.
Plans for 2023
LSEG’s cybersecurity is already pursuing its ambitious plans for this year; focusing on three key objectives to improve its cybersecurity posture and keep up with the ever-evolving threat landscape:
- Improve the team’s gender diversity. The team aims to maintain and promote a diverse and inclusive work culture. This is not only important from a social responsibility standpoint but also helps to bring in diverse perspectives and ideas, which improves problem-solving and innovation.
- Expand coverage and maintain responsiveness. As companies grow, so can the attack surface and it’s vital to respond quickly to any incidents. The team is investing in automation and orchestration tools, as well as enhancing incident response capabilities.
- To support ‘shift-left’ and encourage ‘secure by design’. A proactive approach to cybersecurity integrates security into every stage of the software development lifecycle, reducing the likelihood of vulnerabilities. This will be achieved by working more closely with the development teams, providing security training to developers, and integrating security testing tools into the development pipeline.
LSEG’s cybersecurity team has significantly developed since 2017, and its growth and resilience speak volumes about the team’s dedication and expertise. With its plans for the future, the team is well-positioned to continue providing essential cybersecurity services to the company and its clients, while keeping up with the ever-evolving threat landscape.