Episode Notes
A financial services CISO’s job is to secure the organization of today and tomorrow. Lindsey Bateman, Chief Information Security Officer at M&G plc, a UK Savings and Investments company, recommends instituting a Security by Default culture to reduce the risks and increase the resilience of financial services institutions today, while keeping an eye on the horizon for emerging threats – and quantum computing is at the top of the list.
Future Risks: Quantum Computing
The progress of quantum computing development is unclear, but CISOs need to think about the process of changing the cryptography in their organizations, transforming their algorithms, the standards they’ll adopt, and the impact on the business.
Generative AI Expands Your Attack Surface
GenAI is a “juggernaut” embedded in devices across enterprises. CISOs have to make it safe because they can’t stop GenAI usage. A security by design culture helps curb the threats inherent in the adoption of all AI models – such as data modeling – but CISOs need to be involved with AI deployment in business lines and identify threats to models, determine vulnerabilities, and insert the correct mitigations. Still, accurate data is clean, explainable, monitored data and presents an opportunity to incorporate or reinforce security by design in data governance.
Phishing and Deepfakes
Threat actors use AI to create more sophisticated social engineering and information operations. Train employees on the behavioral cues that indicate frauds like phishing and deepfakes. Real-world exercises are effective, as is reinforcing official business communication channels (i.e., WhatsApp is not meant for work).
Identity and Trust
Customers’ trust is the bedrock of the financial system, and identity security increases their confidence, but fraud detection disrupts the user experience. Solutions will take collective action, standardized approaches, and tools that enhance identity security in easy interfaces.
The CISO Role is Changing
What was a very technical position has become a high-profile role in executive leadership. To succeed, CISOs must speak business language and use the right risk frameworks. If aiming for the role, breadth is more important than depth in technical understanding, it helps to be a people person, and it’s good to think carefully about what you want to do – then go for it.
FinCyber Today is a podcast from FS-ISAC that covers the latest developments in cybersecurity, contemporary risks, financial sector resilience and threat intelligence.
Our host Elizabeth Heathfield leads wide-ranging discussions with cybersecurity leaders and experts around the world who bring practical ideas on how to confront cyber challenges in the financial sector, improve incident response protocols, and build operational resilience.
Amid the clutter and noise, FS-ISAC Insights is your go-to destination for clarity and perspectives on the future of finance, data, and cybersecurity from C-level executives worldwide.
© 2024 FS-ISAC, Inc. All rights reserved.
Lindsey Bateman is the Chief Information Security Officer at M&G plc, a leading UK Savings and Investments company. With extensive experience of working in and around Technology and Security, Lindsey’s recent focus has been on delivering a transformed Security capability to support M&G plc’s business ambition, and embedding a Security by Default culture across the firm. Having built her career in a traditionally male-led industry, Lindsey is passionate about driving the diversity of thought required to attract the best talent and deliver great business outcomes. She is an Everywoman Ambassador and the winner of the Everywoman in Technology Leader of the Year Award 2023. Lindsey is an MA in Modern Languages from the University of Cambridge, an MBA from Edinburgh University Business School, and additionally holds CISSP, CISM and CIPP/E certifications.
Elizabeth is a storyteller at the intersection of technology and money. Layer in geopolitics and the criminal underworld and you get today's issues in cybersecurity for the global financial system. Crypto. Web 3.0. Quantum. AI. Ransomware. Privacy. Regulation. Zero-days. Supply chain attacks. Developing new and diverse talent. How to protect the future of money. These are the topics Elizabeth asks top executives and experts in the field about on FinCyber Today.