IT security management, and the Chief Information Security Officer in particular, is growing in profile. This comes as no surprise in our fast-evolving digital world, as companies across sectors are coming under increasing threat, none under greater threat than financial services. By some estimates, global cybercrime is set to cost the world economy more than $6 trillion by 2021! This figure includes crime related to data breaches/loss, stolen money, lost productivity, fraud, IP theft, forensic investigations, system restorations and, most importantly, reputational damage.
Damaging your customer relationship has the biggest impact in the financial services industry
When one considers the biggest impact on the financial services industry, reputational harm and the loss of customer trust are probably the most damaging. Many attacks are not fuelled exclusively by greed or financial gain for the attacker, but rather by more sinister, emotionally charged reasons.
South Africa in particular is becoming a hunting ground for local and international hackers. This is partly due to our comparatively sophisticated systems, which in turn are handled by less security-minded individuals; we’ve never really thought we would be targeted. Added to that, there is a growing domestic presence of phishing and ransomware scams, and even less sophisticated forms of blackmail via social media.
The customer data risk in financial services
Financial services carry the most accurate customer data, reams of transactional data and sensitive information, all of which can be vulnerable to attack. Security needs an overhaul in many respects: not merely new architecture, but also a holistic change in philosophy across the company.
The role of the Chief Information Security Officer (CISO) will rise to greater prominence in the coming years. Already we are finding that CISOs and Heads of IT Security are being drawn closer to the business and given the opportunity to educate and instil a security-first mind-set.
Budgets can always be, and in most cases should be, bigger, but the biggest threat to any business is human failure. To reiterate, the greatest impact on the business is not necessarily the direct financial impact, but the reputational damage in the market. There are several international examples of large corporations crippled in the markets due to reputational damage thanks to a data breach. Governance and regulatory issues are in place to drive these initiatives, and punish those
Putting IT leadership in the spotlight
CISO Africa 2019 puts IT security leadership in the spotlight. CISOs from financial services, being under the greatest scrutiny, have agreed to share their thoughts on leadership, change management and the way forward to addressing these threats.
The main conference takes place on 20-21 February 2019, hosted at the Maslow Hotel in Sandton. Tickets are available here.
Some of the financial services IT security heads you will hear from include:
Julian Ramiah, Group Chief Information Security & Privacy Officer, Liberty
Thelma Kganakga, Chief Information Security Officer, Rand Merchant Bank
Illyas Kooliyankal, Chief Information Security Officer, A Leading UAE Bank
Gus Clarke, Head of Cyber Security, Tyme Digital
Rohan Daya, Information Security Officer, Old Mutual Insure
Key topics to be discussed at CISO Africa 2019:
The Role of the CISO: How should the role of the CISO relate to the CIO and the rest of the board? What will the role of the CISO look like in five or ten years’ time?
AI & Automated Security: Can AI not only identify threats, but also remediate and pre-empt them? Can we build self-learning systems that can ward off all threats? Can AI be used for authentication and access control?
Cloud Security: What are the risks and benefits of migrating to the cloud? Can the cloud improve IT security management? Are you open to using third parties, and do you have a risk management strategy in place?
Blockchain: Can the use of distributed ledgers mitigate threats? Are there limitations of blockchain, and what would be the reality if it were to be adopted globally?
Digital Transformation Security: Are we opening ourselves up to increased threats? How are we protecting ourselves against cyber-savvy criminals?
Balancing Risk with Investment: How much of your IT budget should go towards security? Is there a ceiling to how much investment should be made?
Regulations & Compliance: What are the customer/business challenges for ensuring data security (the integrity of data) and data privacy (control of data)? This topic is so critical we have developed a pre-conference GRC Focus Day to address it.
There will be additional discussions around upskilling teams, security by design, relationships with data analytics teams, IoT security, DevSecOps, access control, remote working and many more probing topics.