Why the Financial Services Industry Needs to Take Cybersecurity More Seriously

The financial services space continues to face an unparalleled threat that is exacerbated by cybersecurity issues. While this trend is nothing new, the complexity of these threats and stakes have never been higher, necessitating a more concerted approach in what is an adapt-or-die industry. Finance Magnates spoke with Stav Pischits, CEO of Cynance and CCL for his perspective on cybersecurity and where we are headed. Mr. Pischits will be hosting a panel on cybersecurity this November at Finance Magnates' London Summit.

Cybersecurity is a growing issue in every industry and vertical. How are the threats today evolving?

Simple answer: Threats are evolving in ever more innovative and threatening ways.

Attackers are looking for more sophisticated ways to beat the expanding cyber protection industry, combining attack techniques, exploiting weaker companies to gain access to larger targets, harnessing trust relationships, and using every world event to gain advantage.

Take ransomware for example. First there was ransomware that encrypted data, making systems unavailable, and for which the attackers could claim a ransom to decrypt it. But as companies become savvier and had up to date backups that meant they didn’t need to pay the ransom to get back up and running, attackers evolved again to steal data before they encrypted it, giving them two bites of the cherry.

It’s worth noting though that some of the oldest, simplest tricks, for example phishing, are still effective. With phishing, attackers have become more inventive, moving from email to text message, to fake push-notifications too. Attackers can keep using them because users are still falling for them.

In terms of the UK market, you are strategically situated to be at the forefront of some of the most pressing issues facing venues today. How can businesses adapt to stay ahead of these threats?

In cybersecurity, if you are standing still, you are in fact moving backwards. Security teams are superheroes, but they can’t do everything alone. They need everyone to play their part to stay ahead of threats.

Management teams need to be committed to their security, continually investing in cybersecurity, and providing resources (read security personnel) to stay ahead of attackers. They also need to set the tone for the whole organisation by promoting security as a priority and as a factor of their success. Finally, they need to empower security teams to be innovative, and be prepared to follow advice and recommendations from security teams.

Security teams need to keep their eye on the ball, understand the wider cybersecurity environment, and how they fit in with it. They need to constantly verify that all security tools are in working order. Finally, they need to be able to communicate with people across the organisation, supporting them to carry out their roles securely, and advising them on how to do things more securely.

All Industries need protection, be it the financial space, payments, brokers, etc. What is your message to companies that have been complacent in this regard or behind the curve in strengthening their cybersecurity measures?

First up, now is a good time to start taking security seriously. The most important message is that if they have been lucky enough so far to avoid a significant cyber-attack, they can’t continue to ride this luck. In the industry we’ve long known it’s when, not if an attack will take place, and that’s true for the very smallest of companies as well as the biggest.

Practically, start with quick wins. Small things like training employees to recognise phishing attacks or set secure passwords can make a big difference. Don’t be afraid to ask for help from outside the company - the chances are your IT team needs help anyway.

Take stock of your security against best practices or a cybersecurity framework which contains the key areas you should be looking at.

Invite security to the management team and listen to what they say. Whatever you did before, security now needs to be central to everything you do going forward.

How has your role prepared you for the current cyber landscape? Do you have any predictions on where cyber threats are headed in the future?

As a cybersecurity professional who advises organisations about the ways to enhance their security posture at my role as the CEO of Cynance, I need to keep my ear to the ground, looking at the latest developments from both attackers and cybersecurity methodologies/ technical research and products alike. This means that I always expect surprises and have developed the skill to constantly learn.

Cyber threats are moving in two directions. On the one hand they are getting more inventive, on the other hand, the old tricks still work. I predict that cyber threats will continue to grow in volume and intensity.

Attackers will continue to search for new ways to exploit loopholes in security. Cross-industry collaboration is a good way to keep up with the pace of adversaries and to be more prepared for the future to come.

Last year I founded CCL (Cyber Club London). We are community of cybersecurity leaders and experts, with exposure to early-stage cybersecurity start-ups and innovation by learning from some of the most innovative startups out there, our members can make better predictions and protect their organisations better.