
4 Biggest Cybersecurity Challenges in FSI – and Tips to Overcome Them

State Trustees’ Sandeep Taileng: Navigating Financial Services Cybersecurity Issues by achieving value for money, managing risks and opportunities, and embracing people, process, technology and data

In this article, we chatted with Sandeep Taileng, Information Security Leader at State Trustees, a Victorian State Government owned company and the Public Trustee for Victoria.

Sandeep’s career in technology spans over 20 years. He has expertise in leading diverse teams, designing data-driven security strategies, and ensuring compliance with international standards.

Passionate about building robust and integrated approaches to cybersecurity, he has implemented programs for ISO27001/2, the Australian Privacy Act, the Security of Critical Infrastructure Act, and PCI-DSS compliance.

He has also developed and maintained comprehensive security frameworks, policies, and processes, while working across different regions and industries, helping clients manage their growth while navigating security challenges.

“Over the past two decades, I've had the privilege of becoming a leader in complex cybersecurity environments. My focus has been on proactive risk management, building strong relationships, and providing valuable insights to senior leaders,” says Sandeep.

We asked him to share his perspectives on key cybersecurity issues for financial services institutions, and strategies to navigate them.

1. Demonstrating the Value of Investments

Sandeep thinks securing enough funding for cybersecurity remains a key challenge across many sectors, including FSI.

“It's crucial to demonstrate the value of these investments with clear metrics that business stakeholders can understand and use to govern security strategies effectively,” Sandeep says.

“In short, it's about achieving value for money in cybersecurity. Additionally, the constant updates in regulations and the emergence of new technologies create a ‘fear of missing out’ for businesses. They want to embrace new technology, but there's often limited guidance on how to do so securely,” he says.

2. Achieving a Consistent Cybersecurity View

The biggest hurdle is often the perception of cybersecurity being solely an IT issue or solely a business problem. This leads to confusion regarding accountability and responsibility.

“Cybersecurity covers technology, data, physical records, and digital information across the entire organization, suppliers, and external partners (including government agencies). This creates a complex picture for achieving a consistent cybersecurity view across departments,” Sandeep says.

3. Overcoming Cybersecurity Silos

Sandeep stresses that there is no one-size-fits-all solution for overcoming cybersecurity silos, but the key is breaking them down and working collaboratively.

“We can leverage the concept of a ‘risk ribbon.’ Imagine a risk as a ribbon that flows throughout the organization, touching various departments and processes. We need to visualize this ribbon, identify its potential impact, and centrally manage the teams, controls, and resources needed to mitigate it,” Sandeep says.

“For example, adopting AI offers strategic benefits but can also impact business processes, infrastructure use, supplier partnerships, and employee training. Managing this risk/opportunity at the enterprise level, not within individual departments, fosters better collaboration and ensures a better return on security investments,” he says.

4. Balancing Record-Keeping and Security

For Sandeep, the challenges with balancing record-keeping and security fall into four categories: People, Process, Technology, and Data.

“There's a shortage of skilled record officers that are familiar with the ever-evolving regulatory requirements for record-keeping,” Sandeep says.

“These requirements often vary significantly by region, making it difficult to find qualified personnel if they haven't worked in a specific location. Additionally, regulations are often detailed but open to interpretation by individual organizations. They were primarily designed for physical records, and as businesses shift to digital storage, the regulations haven't kept pace. This creates a gap where record-keeping processes are fit for paper but not for digital records.”

“Technology also presents hurdles. Effective record management requires a dedicated platform, not just relying on collaboration tools. This means additional investment, skill management, and integration complexities. Finally, data discovery and management are crucial for efficient record-keeping. Knowing where records reside is essential for governing them in line with record management guidelines,” he says.

Tips for Striking a Balance

We asked Sandeep to share his thoughts on how CISOs can find a sensible approach to navigating these challenges.

He thinks organizations should start with what they can control, using existing tools and technologies, since they have little influence over changing regulations.

“The focus should be on data discovery and governance tools. This not only helps with record-keeping but also promotes data hygiene, which is key for building efficiencies and adhering to other regulations like CPS234, ISO27001, NIST, and ISM,” Sandeep says.

He also suggests reviewing existing policies and ensuring processes cover both physical and digital records.

“If local regulations lack clarity, explore guidance from other regions or the free resources offered by record management software companies. Joining record-keeping groups is another great way to share knowledge and best practices,” Sandeep says.

“Finally, finding the right team members for record-keeping roles is essential. Team members can be upskilled from existing roles in risk, control, or compliance. Various regulatory bodies offer specialized training and certifications to enhance skillsets,” he says.

Sandeep Taileng will be speaking at CISO Melbourne 2024, sharing his experiences on effective compliance practices and on influencing human behavior to reduce cyber risks. To find out more about his session, check out the agenda and register to attend.