Intelligent CISO Issue 13 | Page 46

industry unlocked opportunities for bad actors and malicious insiders to compromise systems. Embed security culture through training Even financial institutions with the best technological defences can be unwound by a social engineering attack. Along the same lines, security policies can be redundant if staff don’t receive the necessary training or are not motivated to follow them. Employees should be made aware of all the possible threats to gain an understanding of what they are defending against. Guidelines should be issued to all staff, for example with information on how to spot phishing emails or the dangers of accessing company data on public Wi-Fi networks. 46 Regular training and refresher sessions will be key to embedding security and vigilance within company culture, to make safeguarding data a priority and help staff to be both the first and last lines of defence. Given what’s at risk, banks and financial organisations simply cannot allow security to be an afterthought. Banking is going through a period of huge change, with Open Banking and PSD2 being some of the biggest shake ups to the industry in years, which brings new opportunities for innovation – as well as threats. Organisations cannot risk overlooking the basics of training and staff awareness, nor can they underestimate the power of effective authentication and password management policies to keep the business and customers safe. u Financial institutions can also seriously benefit from leveraging advanced offensive security, such as penetration testing and ‘red team’ exercises to improve visibility and security awareness across the organisation. Issue 13 |