Cybersecurity is a moving target. Within the financial services industry, including banking and insurance, the threat of fraud is a reality all too familiar for employees in the sector. According to the IBM Institute of Business Value report, 2023 Global Outlook for Banking and Financial Markets, the cost of data breaches to the industry was 37% higher than the global average in 2022.
A strategy that has proven most effective so far
For the longest time now, we have been told that humans are the weakest link when it comes to cybersecurity. However, this awareness is not reflected in cybersecurity investments. According to Lance Spitzner, director at the SANS Institute, organisations are most likely spending 10x to 20x the time and resources on security technology as they do on securing the HumanOS – the people who work there.
“Technology is important, we must continue to protect it. However, at some point, you hit diminishing returns. We have to begin investing in securing the HumanOS also, or bad guys will continue to bypass all of our controls and simply target the human endpoint.”
Lance Spitzner
Asked which cybersecurity strategy has proven most effective in 2023, Alvaro Garrido, group chief information security officer at Standard Chartered, commented that having a people-centred cybersecurity strategy always works out well for the bank. He further clarified that this approach is not specific to 2023, however, suggesting that the practice applies to every condition.
“When it comes to cyber threats, the question we face is ‘how prepared, organised or ready to respond?’ because cyberattacks are not an if, but when. It is the art of seeing further, understanding more, correlating better, and then responding faster. Hence, people are our best defence when they are properly trained and have the awareness levels needed,” he continued.
He also stressed that cybersecurity is not just for the cyber team, that it is a shared responsibility across any organisation that hinges on behaviours, decisions and actions when it comes to engaging with colleagues, clients, and regulators.
He acknowledged that to sustain a healthy risk culture, the team needs to live by these behaviours:
- Have a high awareness of potential risks and an ability to identify them.
- Be able to exercise good judgment and make informed decisions promptly.
- Take accountability and create a safe environment for people to call out risks, threats, vulnerabilities, and incidents.
- Take proactive and prompt action and escalation to assess and treat risks.
- Stay open to continuously learning from past successes, failures and experiences and make sustainable changes.
He further added that the sharing of threat intelligence and best practices plays a key role in helping organisations collectively defend against new and emerging threats.
“For instance, we are a member of global networks and organisations which are committed to improving cybersecurity including the Financial Services Information Sharing and Analysis Centre (FSISAC). This allows us to remain at the forefront of security developments in the financial services system, engaging regularly with the sharpest minds in more than 70 countries,” concluded Garrido.