By now you have probably guessed that I am really interested in SWIFT and cyber security – so when I saw a SWIFT Institute article on SWIFT and cyber security challenges I got pretty excited. I know, I need to get out more…! Anyway, it is an article about a cyber security event organised by the SWIFT Institute and the University of Delaware which attracted 150 experts from across the industry to discuss all things cyber security, challenges, best practices and emerging trends. I recommend reading SWIFT Institute and University of Delaware collaborate on cyber security challenges for an in depth insight into the day event. In this cyber security challenges post, I would like to share with you 7 trends that emerged as I read through the article.
Cyber security challenges:
1. The cyber security threat is not going away…..
As Dr. Starnes Walker (Founding Director of the Cyber Security Initiative at University of Delaware) puts it “the threat is constantly advancing”. In short as technology develops, so too does the cyber security threat
2. Cyber security is a global challenge…
SWIFT’s Chief Technology Office, Craig Young, explained that “..cyber security is an arms race between hackers and financial institutions”. Chris shares that the cyber security has a global impact and affects a variety of industries. Importantly, regardless of the industry target the “means and methods of the hackers remains the same”.
3. The evolution of hacking…
Elizabeth Petrie, Strategic Analysis Director at Citigroup, shared how hacking has evolved:
- From hacking for fun, then to profit and more recently to create havoc
- Hackers have evolved from lone ‘enthusiasts’ in their bedrooms to an organised and collaborative network of hackers
4. The cyber security threat is growing…
Petrie attributed the cyber security threat to digitisation, sharing that there are currently 15 billion devices connected to the internet. Put simply as we connect more devices, a trend that is increasing in momentum across multiple industries, the cyber security threat increases. Inevitably financial institutions will be prime targets since they are intrinsic in everyday processes, the data they possess and of course the money they transfer.
5. Data and Industry Collaboration…
I must admit, I didn’t completely follow exactly what the article was referring to here. They talk about collaboration and information sharing which is all well and good, and would certainly help recognise and enable pre-empting certain threats. But how this collaboration happens and whether it can happen in a timely manner remains a big question mark for me. But the underlying sentiment of lets work together to gather and share data to combat the cyber security threat is a noble goal to strive for
6. Cyber Security is a People, NOT technology, Problem…
This was a really interesting insight about people within an organisation who go on to become threats. Noteworthy cyber security challenges include:
- People within a company have always been threats, technology has provided another channel through which the ever present threat can be deployed
- A person is typically with an organisation for 5 years before they conduct some kind of breach
- David Feather , Honeywell, offered some very interesting advice:
- Make sure you know the people within your organisation, and control their access thereby limiting their potential threat
- As an organisation ensure that you monitor business as usual so that when things are not normal, you know about it
- Benjamin Stone, FBI, proposed that “cyber security is not a technology problem, it is a people problem”!
7. Security complacency…
Again some interesting points were raised:
- Often we focus our security efforts on business critical functions and business critical data. Forgetting some of the daily systems and processes that enable your day to day business to function. Often these overlooked processes can pose real cyber security threats because they open your organisations ‘front door’ to potential threats.
- Threats must be recognised in real time, but doing this is easier said than done
- Primarily because each threat is different – knowing that you’re being attacked and having the right tools and people in place to recognise the threat is a key challenge
Cyber security challenges:
For me this article offers some really interesting cyber security insights from a variety of key people across multiple industries. My key takeaways are:
- Know your environment
- Know your systems
- Know your processes
- Know your data
- Know your people
Your organisation’s security barrier is only as good as your weakest link, and for me therein lies the greatest cyber security challenge. What is your weakest link?