FINTECH
Corey Hamilton : I believe the strongest control has yet to really make inroads and that is around security education for customers . The most vulnerable are those that leapfrogged the desktop based ‘ online banking ’ platforms and jumped right into mobile . Cyber criminals are well aware of the lack of focus we as a society have while being mobile , and unfortunately , I don ’ t expect this to change without some significant focus .
What role does automation have in mitigating risk ? Which other technologies could form a stronger , more coherent threat response ?
Norma Krayem : Automation helps standardise protections and focus on machine-speed solutions across a wider swath of the network . At the same time , industry must also focus on not just the tools that exist now , but the new ones that need to be created , too . Attackers can learn quickly how to get around the existing tools and use technology to create new backdoors .
SolarWinds is an example of an attacker that methodically learned which tools and systems were used to protect networks and then used those same structures against the US government and the private sector . Cybersecurity is an enterprise risk management issue ; it must constantly change and adapt to the threat environment .
Corey Hamilton : Poorly tuned security platforms , instead of focusing on the highest risk and greatest ROI , are often geared towards ‘ low hanging fruit ’ or quick wins that are of lower concern .
At IBM , we have introduced a
Cloud Pak for Security ( CP4S ) as many customers have a vast array of tools and technologies already deployed . However , they lacked a single pane of glass that covers threat intelligence , event monitoring , and automation across today ’ s on premise , hybrid cloud , and multi cloud environments .
Ian Benson : Rather than focus on a single technology , what we need to consider is how we can design systems to be resilient and secure within the environment that we expect them to operate . In the same way that we consider financial risks and rewards when launching a new product or working with a new business partner , we should also consider how tech changes can alter an organisation ’ s risk profile .
Automation and orchestration undoubtedly help increase the speed and repeatability of response , but it ’ s important that we don ’ t forget the ‘ hard basics ’ like access control , active directory hygiene , security patching and configuration , and asset management .
Finally , is there a cultural barrier to solid cybersecurity ? Do stakeholders have an in-depth understanding of the risks inherent to modern finance ?
Limor Kessem : Cybersecurity needs to become a ‘ universal culture ’ in every business .
50 April 2021