Aldermore Bank’s chief information security officer reveals the biggest challenges the cybersecurity sector is facing right now and what the solutions might be.
Hackers have become a huge problem for businesses. From laptop-wielding larcenists trying to get access to customers’ data to malware turning computers into cryptocurrency mines, financial services companies are facing digital threats on a daily basis.
Almost three out of four UK finance firms have experienced an incident in the last year, according to Clearswift, the security firm.
And the threat level is rising. The number of ransomware attacks spiked in the first quarter of 2019. McAfee Labs, the cybersecurity firm, found that ransomware attacks rose by 118% during that period.
Moreover, nearly two-fifths of enterprises have lost business due to poor digital defences, according to research from security ratings company BitSight. The same research added that having strong cybersecurity capabilities actually helped improve a company’s financial performance.
Businesses suffering through an attack do not only have to deal with the clients affected; the consequences could go further. For instance, Capital One recently revealed that 106 million of its accounts had been compromised in a breach. Since then, the bank has faced criticism from politicians, the public and industry experts.
In other words, having strong digital defences is of vital importance for businesses operating in the financial sector.
That’s why it was one of the key things we wanted to address when we recently had a chance to sit down with Becky Pinkard, chief information security officer at Aldermore Bank. The interview was conducted as part of FinTech Global’s new podcast series called Women Leaders in Finance.
“A lot of the threats right now really have to do with the ease of things like stealing credentials and then trying to [launch] credential reuse or credential stuffing attacks, the ease of setting up cloning websites, phishing websites,” Pinkard said. “[It’s] so simple to misdirect and trick customers.”
As an example, she pointed at TrickBot, a piece of malware that has been infecting victims’ computers since 2016. The program has compromised over 250 million email accounts since then by sending spam that, when opened, spreads the virus further. “There’s just lots of different threats that have really evolved that are targeting our vertical, targeting the FS sector,” she said.
So what can be done to prevent these risks from turning into a bad situation? Pinkard’s first answer is to keep educating people. “I always go back to the absolute most non-sexy answers,” she stated.
She has a point. According to Clearswift’s research, 43% of the incidents companies had suffered through were caused by employees’ inability to follow cybersecurity policies.
Instead of focusing on things like blockchain, Pinkard encouraged companies to look at fundamental digital defences like having strong password protection, properly patching problems in the infrastructure, identity governance and controlling roles and permissions within your environment. “It’s the simple stuff that we have to do,” Pinkard continued. “And finally getting that right and figuring out how to create these nice solid, stable platforms is what is going to help to, to, to get us over the line as we continue to go forward and build on that.”
That being said, Pinkard believed that there is no one-size-fits-all type of protection that will work against every attack. “Every environment has different needs,” she said. Pinkard explained that many financial services platforms share a similar infrastructure. However, their individual differences mean they would need different responses to different attacks. “Every environment has different accesses and requirements, capabilities, programs, products,” Pinkard continued. “And it is all of those differences that create the complexity that makes it so difficult to just stamp out these foundational capabilities and just roll out, you know, this nice, great [product and say,] ‘Here’s your security foundation, boom, install that. You’re good to go.’”
The cybersecurity industry is also struggling with the challenge of finding the right staff. While there is definitely a prevailing talent gap in the tech sector, Pinkard thought the people hiring might be too rigid in their hiring efforts. “I’ve seen job specs that, you know, look like they were trying to hire a chief unicorn in charge of fairy land,” she joked. “There are no people that exist to fit this kind of role the way it’s been written in some circumstances.”
Instead of finding a candidate that fits right into the hiring manager’s Goldilocks sweet spot, Pinkard encouraged these professionals to have more realistic expectations. That also includes dealing with the sexism of the cybersecurity sector. This, Pinkard said, would enable hiring professionals to recruit from a deeper talent pool.
This notion was echoed by Diana Moldovan, UKI cyber operations lead at Aviva, who argued that the sector needs to fight the false stereotypes about men being the only ones able to be coding geniuses. She made the statement in another interview for the Women Leaders in Finance podcast.
Once someone has been hired, hiring professionals in the cybersecurity sector must focus on giving them a proper onboarding experience. “It’s not like buying a bit of hardware and then you shove it into a rack and a data centre,” Pinkard said. “You can’t do that with people. You have to invest in people and bring them into the organization and then they grow.”
Pinkard is a speaker at FinTech Global’s Financial Services CyberTech Forum on September 24. This interview was part of FinTech Global’s new weekly podcast series called Women Leaders in Finance.