Cybersecurity is a cross-discipline exercise – Nationwide
By Sunniva Kolostyak
Cybersecurity must be addressed as a wider issue than just a technology threat, a Nationwide expert said at RBR’s BankSec 2020 conference.
Speaking at the banking security conference, held online, Andy Giles, Head of Security & Resilience Centre of Excellence at UK building society Nationwide, said cybersecurity has become more important than ever before.
In a presentation on the strategic aspects of the cyber threat, Giles said organisations are facing an increasing number of strategic cyber considerations that will continue to challenge security postures and budgets.
“The attacks have become more audacious, […] they’re becoming increasingly politically motivated in their execution. Our traditional perceptions of cyber threat defence are being challenged and now it is more imperative than ever that we take a look at what we can do to protect the whole organisation, moving forward,” Giles stated.
He explained that the advent of information systems has ushered in the ‘knowledge economy’ which helps protect economies against market turbulence, but which also makes cyberattacks a problem which must be addressed with a macro-focus, and across disciplines.
Collective action is seen in some areas of the UK financial industry, where information sharing and integrated insights from different environments are being pooled, but it is not yet efficient, having an ‘almost exclusively technical expertise and tactical outlook’.
“We need to think in the longer view and be more strategic in our management of cybersecurity if we are to maintain our financial success and protect against emerging threats that are encouraged by political and international market volatility,” Giles said.
The industry has a number of tools to identify and respond to pre-categorised cyber threats, and these need to be in place before more advanced methods can be implemented. But it is time to move forward, as there is currently no effective technology or methodology that protects against concerted information operations, responds to geopolitical events, or helps predict future hacking campaigns.
Giles added: “As an industry, presently, we only react to really focus on the technical, such as indicators or compromise, that very often happen very soon before an attack or soon after an attack has been seen in the wild, if you will. Our adversaries plan their operations, in the strategic context, years in advance. Industry and government, we could do well to take notes.”
In order to address the concerns, the industry must make collective efforts to mitigate against advanced threats.
“This means greater use of automation, controls monitoring, and data science, to aid with analysing patterns synonymous with suspicious network activity, […] assessed against the backdrop of geopolitical factors that contextualise and confirm potential adversary attack activities and campaigns,” Giles said.
“We could be far more effective at defence, protection of our customers, and actually save money.”
IBSi FinTech Journal
- Most trusted FinTech journal since 1991
- Digital monthly issue
- 60+ pages of research, analysis, interviews, opinions, and rankings
- Global coverage