From malware to phishing attacks, financial firms daily face a multitude of digital threats. However, one mistake could keep them from strengthening their cybersecurity.
This multitude of threats is part of the reason why many businesses may fail to implement strong cybersecurity. “There are hundreds of new vulnerabilities discovered every month,” said Diana Moldovan, UKI cyber operations lead at Aviva, the insurance company, when being interviewed for FinTech Global’s new podcast series Women Leaders in Finance.
The threats include the rise of ransomware attacks, malware like the Joker virus that signed Android users to subscription services and phishing attacks. And of course, with new technologies like the introduction of 5G, malicious hackers are bound to keep innovating to fulfil their nefarious plans. “So it’s very difficult to protect against everything,” Moldovan said.
While companies have to decide what they should focus their cybersecurity efforts on, hackers only have to be lucky once. “The attackers only need to find one gap, one blind spot, and they’ve compromised you,” Moldovan argued.
And it is when financial services institutions have to pick the right solution that they risk making one crucial mistake. “It’s not something easy to do actually because there are so many products on the market right now and it’s difficult to choose the best solution for you,” Moldovan explained. “And I think this is one area where businesses make mistakes because sometimes they choose a new technology because they have heard some other company implemented it and they help them with the risk they also have so they can see there will be good to implement the same technology. And this is the wrong way of doing it.”
Instead, she suggested companies should try to figure out what it is that they are really trying to protect. “Understand what your crown jewels are,” Moldovan urged.
Once you have figured that out, she advised banks and other financial services to take stock of the solutions the business already have. “Then do a gap analysis and see what is missing and what is not protected and then choose a technology that will protect you against the gaps,” she continued.
Moldovan continued, “Just choosing a product without doing your research, without talking with your technical people to understand the struggles they have with the current technology [is never going to] lead you to success.”
She flagged one more mistake tech companies make, which is to not include the cybersecurity team from the get-go. “I think security teams are still seen as a blocker in many situation,” Moldovan said. “I’ve seen occasions where a company wanted to push a new product as soon as possible for their customers and they only involved cybersecurity team at the end when they need a signed off, when cybersecurity team said no, they just got [some of it fixed and said they’d fix the rest later]. But this is a dangerous game because there will always be other priorities. This is where gaps are introduced in our infrastructure or in our architecture.”
Moldovan is a speaker at FinTech Global’s Financial Services CyberTech Forum on September 24. This interview was part of FinTech Global’s new weekly podcast series called Women Leaders in Finance. To listen to the full episode and other insightful interviews, just click on the link.
Copyright © 2018 RegTech Analyst