COVER STORY
can be a key instrument to enhance
public trust in digital services. The need
for security and privacy is no longer
limited to governmental applications or
payment systems.
Staying vigilant and constantly monitoring
the threat landscape must also be
part of the governance. As threats and
attacks need to be communicated and
properly handled across all sectors,
the EU should encourage the adoption
of industry-wide cybersecurity incident
simulation exercises, which will
strengthen the overall cyber-resilience
of Europe.

What are some of the security implications of being such a largely established financial institution?

As Standard Chartered continues
to embrace new and emerging
technologies, we will need to enhance
security in our design methodologies.
For instance, as institutions such as
ours continue to connect more gadgetry
and services to the Internet, the logical
endpoint of our infrastructure will be
extended accordingly. Threat actors
are increasingly exploiting application
programming interfaces, especially
the legacy ones, which were designed
without connectivity to the cloud in mind.
For established financial institutions,
such attacks will continue to mount.
Given our scale and size, we have a
diverse team which we are very proud
of. It’s crucial to create a culture,
across all regions and countries,
where we are able to position the
issue of cybersecurity in a way that
it doesn’t mistakenly get considered
as just a ‘technology issue’ when it
fundamentally involves the business
and people. To ensure that our
employees and clients stay abreast
of developments in cybersecurity and
take the necessary measures to defend
themselves, we will continue to achieve
this via sustained, targeted security
awareness initiatives. Continuous
learning is constantly being matured to
make it more engaging and impactful
via gamified techniques that incentivise
secure behaviour and encourage
employees to take a proactive role in
maintaining our customers’ trust.

How important is the protection of consumer data and what safeguarding practices do you have in place to ensure this?

The protection of consumer data is a
top priority for us. We use technology
to provide a borderless, reliable and
efficient service, and are committed
to protecting our customers’ and
the bank’s data and assets from
cybersecurity and resiliency threats.
We regularly update our policies,
standards, guidelines and tools to
protect our information assets. These
ensure that cybersecurity risks are
identified and managed in a consistent
way across the group. Our framework
also incorporates comprehensive
control requirements set out by key
regulators in the regions we operate.
We also continually upgrade our security
capabilities to respond to the evolving
threat landscape by partnering with
leading cybersecurity providers and
expanding our security technology,
recognising that everyone plays a role in
cybersecurity defence.

What best practice advice would you give to someone looking to become a cyber professional in a role similar to yours?

To succeed today, one must be in a
constant state of adaptation, continually
unlearning some old rules (but do learn
from the past) and relearning new ones.
That requires continually questioning
assumptions about how things work
and challenging old paradigms. It is the
people who have proactively worked
to expand and diversify their skillsets
who would be the most well placed. The
choice is simple: act or be acted upon.
Collaboration and sharing is just as
important as any technical role. Build
your connections, inspire a knowledge-
sharing culture and it will come full
circle. Be receptive to change and
adopt the new way of working, reduce
risk by shortening the delivery cycles.
Most importantly, do not shy away from
mistakes as the challenges we have
to solve often take several attempts
because they are some of the toughest
in any industry.

What is the most important lesson you’ve learnt as a CISO?

Collaboration by all means. Firstly
internally, to collaborate with the
business to understand their needs,
priorities and strategy and align our
strategy to be an enabler of their vision.
Secondly, collaborate externally,
including sharing data. Collaborate with
the regulators, peers, governmental
agencies and anyone that can help in
protecting the ecosystem.
Overall, the CISO needs to hold
executives’ attention and build trust
among the board of directors and the
leadership team.