industry unlocked
opportunities for bad actors and malicious
insiders to compromise systems.
Embed security culture through training
Even financial institutions with the best
technological defences can be unwound
by a social engineering attack. Along
the same lines, security policies can
be redundant if staff don’t receive the
necessary training or are not motivated
to follow them.
Employees should be made aware
of all the possible threats to gain
an understanding of what they are
defending against.
Guidelines should be issued to all staff,
for example with information on how
to spot phishing emails or the dangers
of accessing company data on public
Wi-Fi networks.
Regular training and refresher sessions
will be key to embedding security and
vigilance within company culture, to
make safeguarding data a priority and
help staff to be both the first and last
lines of defence.
Given what’s at risk, banks and financial
organisations simply cannot allow
security to be an afterthought.
Banking is going through a period of
huge change, with Open Banking and
PSD2 being some of the biggest shake-ups
to the industry in years, which
brings new opportunities for innovation –
as well as threats.
Organisations cannot risk overlooking
the basics of training and staff
awareness, nor can they underestimate
the power of effective authentication and
password management policies to keep
the business and customers safe.
Financial institutions can also seriously benefit from leveraging advanced offensive security, such as penetration testing and ‘red team’ exercises to improve visibility and security awareness across the organisation.
Issue 13 | www.intelligentciso.com