2020 was a year no one will soon forget, least of all cybersecurity teams in financial services. Operations were upended by the pandemic; the rapid shift to remote working and accelerated digitization of products and services radically expanded the attack surface of the entire industry.
FS-ISAC Insights contributors, C-level executives from top financial institutions around the world, continue to be at the eye of the storm. Here’s a short review of where they see cyber issues in the industry evolving in 2021 and beyond.
Once relegated to a back office silo, cybersecurity is increasingly integrated into the business. Principal CISO Meg Anderson describes how business information security officers (BISOs) ensure ongoing dialogue between the enterprise security team’s overall cyber posture and a more granular understanding of individual business strategies, technology plans, local regulatory requirements and continually evolving cyber threats.
For Lloyds CSO Sharon Barber, the pandemic has validated a firm-wide commitment to developing and cross-skilling in-house talent. With cybersecurity a key area of focus for the bank, Sharon is prioritizing developing skills in security operations, third party risk assessment, and cloud.
The shift to the cloud is inevitable because of its irresistible economics, according to Mass Mutual’s Jim Routh. It requires not just a change in skillset, but a change in mindset. In order to thrive, CISOs must understand the differences between cloud and the former on-premise model in terms of architecture, accountability model, and required organizational structure. To truly embrace the new paradigm, they must engage with how digital products are built and operations are run.
Digital groups have long adopted agile methodologies to continuously develop and release new software. IAG CISO Fabio Fratucello seized the opportunity provided by the disruption to normal operations caused by COVID-19 to shift his entire security team to agile ways of working in order to be able to continuously adapt to new challenges and unforeseen circumstances.
Singapore’s DBS has gone even further. CISO Seng Wei Keng says his firm now thinks of itself more of a tech company than a bank to stay ahead in Asia’s ultra-competitive and innovative financial services landscape. Strong cybersecurity controls on its digital platforms enable DBS to quickly expand across the region and into new markets while maintaining customer trust and regulatory confidence.
Indeed, new technologies like machine learning, artificial intelligence, and quantum computing are presenting both business opportunities and risks for financial services around the world. JPMorgan Chase CISO Jason Witty sees the lightning pace of technological change as yet another reason why intelligence sharing among trusted peers in financial services is so critical for the industry.
Intelligence sharing will also help lift the collective security tide across risk management, application security, incident response, red teaming and other cybersecurity disciplines beyond threat intelligence, says ICE/NYSE CISO and FS-ISAC Chairman Jerry Perullo. The model of sharing across firms even in a highly competitive industry like financial services has been proven over the last 20 years, and now the industry can build on the trusted network we’ve developed to stay at the cutting edge of cybersecurity as a collective, in order to protect the global financial system.
And, as our global head of intelligence Teresa Walsh details, in order to defend against new threats such as the increasing prevalence of ransomware, firms need globally sourced intelligence focused on the financial sector to understand the threat actors they are dealing with.
That intelligence sharing will become increasingly automated and industrialized, according to Goldman Sachs’ Phil Venables. Just as the business has learned to harness increasing volumes of data and use algorithms to enable faster decision making, the security side must do the same to combat increasingly sophisticated threat actors.
November 2020
© 2024 FS-ISAC, Inc. All rights reserved.
Insights
