Cyber security was one of the most keenly discussed topics at this year’s Sibos conference in Geneva. Many of the experts who attended the event agreed that the industry has progressed significantly in the way it deals with cyber threats.
New ground-breaking technology that bolsters cyber defences has undoubtedly contributed to the industry’s success, and, more recently, cyber threat intelligence (CTI) sharing across organisations globally has further helped to facilitate rapid response in case of a successful network infiltration by malicious actors.
Initiatives include the Cyber Threat Alliance (CTA), a group formed two years ago by security solution vendors and researchers to mount a co-ordinated industry effort and the Cybersecurity Information Sharing Act (CISA) a US federal law that encourages the sharing of Internet traffic information between the government and technology and manufacturing companies.
Despite these responses, cyber threat is a moving target. Cyber criminals are determined to find new and creative ways to target systems putting pressure on firms to continuously advance their cyber security programmes.
Over the past three years in particular, cyber security has gained more attention amongst both financial firms and regulators. We have seen many new cyber security solutions emerge to help firms counter this growing risk. Most of these are fairly interesting and could significantly add to the arsenal of tools used to help firms improve their cyber resilience. Yet while new defence technologies to obstruct cyber threats are becoming increasingly intuitive and innovative, there are a number of prevention techniques that have existed for decades which remain fundamental components of any modern security programme.
Indeed, even the most innovative solutions will be of little use if a firm fails to get the basics right. Many of the presenters at Sibos 2016 emphasised that the importance of routinely resetting accounts, ensuring appropriate patch and vulnerability management and proper segmentation, cannot be overstated. These tools have been around for a long time and actually provide proportionally more uplift to an organisation than some of the new and emerging technologies.
An analytical approach
Tracking and understanding of firms’ own internal IT traffic remains at the core of their ability to minimise cyber risk, as well as to identify and resolve cyber issues more swiftly. It is good to see that the industry is evolving from an obstructionist approach – having realised that not even the most sophisticated solution will be able to prevent all malware – towards an analytical one focusing on internal data movements that may reveal abnormalities, pointing to cyber threats. This means that the cyber risk focus is now shifting from guarding the outside walls to monitoring firms’ internal processes, and it is the internal processes that can provide useful CTI.
Cooperation amongst industry participants remains critical. The widespread use of CTI would greatly bolster the industry’s cyber defences because it enables a collective action, which strongly complements individual in-house security measures. We discovered a long time ago that cyber criminals share their attack toolsets, learning from each other. Consequently, in many cases attacks on one organisation have already been launched against another firm. Automated CTI sharing across organisations globally has proven indispensable in helping firms to facilitate rapid response, in case of a successful network infiltration by malicious actors.
Finally, it is important to accept that guarding against cybercrime is a company-wide operation and responsibility. Phishing attacks – when an attacker is trying to obtain sensitive information by masquerading as a trustworthy entity in an e-mail or another type of electronic communication – remains one of the most successful tools used by malicious actors. It is essential that all employees are aware of the importance of cyber security. However, firms also need to have robust enterprise-wide cyber security plans in place to ensure that firms have maximum protection against cyber-attacks, irrespective of the individual knowledge base of employees.
In conclusion, firms should remember that despite the rise of new cyber products, they must get the basics right first – practices established some 20 years ago remain the foundation of any successful cyber security programme. Opting for new solutions alone and under-investing in core competencies such as system segregation and data classification may prove counterproductive.
As was highlighted at Sibos 2016, firms should not get blindsided by the abundance of new tools that have become available in the market and should continue to focus on the time-tried approaches that still stand true today. It will be interesting to see how cyber security strategies have evolved this time next year at Sibos Toronto.
Big data is now a commonplace term in boardrooms across the globe and data management has never been more important. As for the teams and individuals enabling these advances? They’re the corporate rock stars of the day.
In a world where connectivity is on the rise and transportation costs have been falling, it’s a paradox that over the last decade there’s been a decline in trade as a share of economic activity. At the same time, there has been a significant slowdown in technology investment across the trade finance industry – the only exception being the technology needed to support regulatory compliance and risk management.
The future of digital treasury tech will bring about the death of shared services, payment factories and supply chain finance, argue Standard Chartered executives. They met with GTNews to discuss seeing a greater connection between treasury and the physical supply chain and the dramatic digital advances being seen in Asia, Africa and the Middle East.
Tomorrow’s treasurer will undoubtedly need to be tech savvy – as will every senior finance professional. Importantly, they will also have to have the ability to re-imagine their KYC, regulatory and compliance ecosystem if they are to keep up with the evolving regulatory environment and have access to the liquidity and services they require when and where they want them.