Securing the Digital Financial Landscape: Cybersecurity in...
Transcript of Securing the Digital Financial Landscape: Cybersecurity in...
October 2019
Securing the Digital Financial Landscape: Cybersecurity in Financial Services
- presented by Moyo Odeyemi
INLAKS Digital Summit
Digital in action
INLAKS Digital Summit 2019: Securing the Digital Financial Services Landscape Page 2
The World is Changing —Again
29bn Connected “things”
Fourth Industrial Revolution
Today
First Industrial Revolution
Mechanical
1700’s
Technology was steam and water powering the first factories
Second Industrial Revolution
Electrical
1800’s
Electricity made possible the division of labour and mass production
Third Industrial Revolution
Automated
1900’s
IT enabled programmable work and an end to reliance on manual labour
Cyber-physical systems, powered by IoT and fuelled by data, create a fully interconnected society
Unprecedented pace
For a new technology to reach a critical mass
of 50m users
35days
Extreme experiences
Percentage of customers looking for a more seamless experience
87%
Connected chaos
Internet connected “things” by 2020** including sensors,
RFID chips etc.
50bn
Digital natives
By 2025, the makeup of the workforce is projected to be
majority digital native
75%
INLAKS Digital Summit 2019: Securing the Digital Financial Services Landscape Page 3
The World is Changing —Again
… but in the meantime few banks currently consider themselves as either maturing or a digital leader
of banks consider themselves as digitally mature or digital leaders in 2018
15%
Technology investment and digital transformation programs remain high in the agenda of the financial sector…
of banks will invest in technology to strengthen their competitive positioning and build market share over the coming three years
70%
of banks cite implementation of a digital transformation program as a business priority for 2018
85%
of banks expect to become digitally mature or digital leaders by 2020
68%
WHEREAS
2018
2020
ONLY
2018
2018
Most banks are already well embarked on the Digital Transformation journey and are now looking to go further in their use cases but are far from seeing the end of the tunnel
INLAKS Digital Summit 2019: Securing the Digital Financial Services Landscape Page 4
The World is Changing —Again
HyperConnectivity
01
DataCrunching
03
ArtificialIntelligence
05
Process Automation
02Machine Learning
04
More Data
More Speed
Tremendous Risk
“With great power comes great responsibility”
INLAKS Digital Summit 2019: Securing the Digital Financial Services Landscape Page 5
Why cyber security?
INLAKS Digital Summit 2019: Securing the Digital Financial Services Landscape Page 6
In the time it took you to read this, 200 data records were stolen and $28,200 was lost. Those numbers would have tripled by the
time you reach the next slide.
Digital transformation cannot be resisted, your cyber risk only goes higher with your inevitable reliance on technology. Reactive cyber
strategies mean you will not know you have been hit till your enemies are in a different country.
INLAKS Digital Summit 2019: Securing the Digital Financial Services Landscape Page 7
The World is Changing —Again
What is Cyber?Protecting an organisation and its networks, programmes and data from attacks, damage and disruption from internal and external threats
It’s a matter of time before your organisation suffers a cyber attack, resulting in data loss, systems outages and reputational damage. Cyber is no longer just a technology issue, it’s a business issue.
$1trn+the estimated annual economic cost of cyber crime
US$50-$120bnthe estimated cost of damage if a single provider were to be attacked
101the average number of days to spot a global attack
Rising threatsOver 20 billion devices of all types - from refrigerators, vehicles to fitness trackers - are connected to the internet, with millions more being connected weekly. The number of security flaws and vulnerabilities is spiralling
Steve HoltEMEIA FSO Cyber Strategic Leader
INLAKS Digital Summit 2019: Securing the Digital Financial Services Landscape Page 8
The World is Changing —Again
Insights on Cyber Security
92% of malware is
delivered by email
The average ransomware attack costs a company
$5 million
It takes organizations an average
of 191 days to identify
data breaches
25% of organizations
have a standalone security department
87% of executives and
board members lack confidence in their organization’s security levels due to a lack of agility
61% of organizations
have experienced an IoT security incident
INLAKS Digital Summit 2019: Securing the Digital Financial Services Landscape Page 9
The World is Changing —Again
Recent events show organisations are underprepared to face a Cyber attack
INLAKS Digital Summit 2019: Securing the Digital Financial Services Landscape Page 10
The World is Changing —Again
The consequences of a cyber attack can be substantial
Fines
€375min fines issued since GDPR came into
effect
Job Losses
Drop in share value
17%Amount Equifax share price
dropped the day after their data breach was disclosed
30%Of cyber attacks result in job losses
Remediation Costs
$1.4bnCosts of remediation following Equifax data
breach
Reputational Damage
$4mPer company is the cost of lost
business as a result of cyber attacks
INLAKS Digital Summit 2019: Securing the Digital Financial Services Landscape Page 11
The World is Changing —Again
Common challenges we see
Appropriate Governance
Tone from the Top
Effective reporting and MI to aid
decision-making on Cyber
Infusing Cyber Security throughout
the organisation
Eco-system
Risk posed from the supply chain – 3rd
parties/ 4th parties/ nth parties
Journey to the Cloud
Response capability
Roles & Responsibilities
Key Stakeholders
Productive communication can minimise damage of
a cyber event
Getting the basics right
Securing the control environment to limit the impact of cyber attacks
Effectiveness of key controls (e.g. Privacy,
Access Mgt, Data Loss, Patch Mgt)
Innovation
Understanding and harnessing the
potential of developing
technologies (e.g. RPA, AI, Machine
Learning)
Ever increasing Cyber regulatory expectations e.g. CBN Cyber Framework, NDPR, ISO 22301, etc.
INLAKS Digital Summit 2019: Securing the Digital Financial Services Landscape Page 12
The World is Changing —Again
Unsophisticated attackers
(script kiddies)
Sophisticated attackers
(hackers)
Espionage
(malicious insiders)
Nation States
Advanced Persistent Threats (APT)
Ris
k
Attacker resources and sophistication
RevengePersonal gainStock price manipulation
Organised crime
(criminal networks)
Amusement/Experimentation/Nuisance/Notoriety
No direct use, they typically sell to the highest bidderMoney
EmbarrassmentPolitical/social/environmental causes
1980s/1990s
Your enemies have evolved, can you say the same about your methods?
INLAKS Digital Summit 2019: Securing the Digital Financial Services Landscape Page 13
What’s next?
INLAKS Digital Summit 2019: Securing the Digital Financial Services Landscape Page 14
The World is Changing —Again
Only 6% of
organisations say that their information security function
fully meets their organisational needs*
Phishing and Social Engineering
Exploitation of Technology Vulnerabilities
Insider Threat
Fraud and Financial Crime
Identity and Access Management
Cyber / Operational Resilience
Data Protection and Privacy
Monitoring
Regulatory Challenge
Cyber Risk Reporting
Cyber Risk Governance
Cyber Economics
Innovation
Awareness
Skills
Threat Landscape
Control & Monitor
Governance & Compliance
People, Process & Technology
Third Party Risk Management
Cyber is no longer a technology issue, it is a business issue
INLAKS Digital Summit 2019: Securing the Digital Financial Services Landscape Page 15
The World is Changing —Again
Cyber should be a key part of any Digital Change or Transformational programmes
Data and Technology Ecosystem
Intelligent Decisions
Cybersecurity and Business Resilience
Customer Journey
Adaptive Governance
How is your strategy and
operating model designed
to create the foundation for
trust?
How are you empowered to make strategic
decisions?
How do you design and
protect customer
trust?
Will your organization sustain trust through the
biggest tests?
How are you harnessing the power of data
and technology to increase
performance?
The digitally confident and
trusted enterprise
Does your strategy and
operating model
incorporate Cyber Risk?
How does Cyber security
impact strategic
decisions?
How do you design and
protect customer
trust?
How are you harnessing the power of data
and technology to increase
performance?
Will your organization
maintain trust through the biggest
tests?
INLAKS Digital Summit 2019: Securing the Digital Financial Services Landscape Page 16
The World is Changing —Again
COMPROMISEDETECTION
INSIDERTHREATS
THIRDPARTY RISK
SECURITYGOVERNANCE
CYBERSECURITYAWARENESS
PATCHMANAGEMENT
POLICIES/CONTROLS
CLOUDSECURITY
TARGETED ATTACKS
REGULATORYRISK
BUSINESSRESILIENCE
ASSETINVENTORY
Something failed here
How quickly can you find out and execute a response plan?
Have your investigative processes caught up with your technology processes?
Can your teams face a highly sophisticated adversary?
Can they estimate your “casualties”?
It will happen again
Are they prepared for the exact same attack, what have they learnt?
Cyber should be infused into your business
INLAKS Digital Summit 2019: Securing the Digital Financial Services Landscape Page 17
The World is Changing —Again
Does our business strategy effectively
consider cyber?
How do I keep my organization compliant with
the latest regulations?
How do I embed cyber more effectively into our
business processes?
CEO Functional leads
CCO
CISO CRO CAE CDO
Are we attracting and retaining the right cyber
talent?
Where should we focus our time and resources,
related to cyber?
Executive Leadership
How can I more effectively
communicate our cyber risks to the business?
Do we have sufficient cyber insurance?
Are my digital solutions secure?
How well have our systems been built to
prevent cyber attacks?
CIO
CFO
Is cyber integrated into my 3 lines of
defense?
INLAKS Digital Summit 2019: Securing the Digital Financial Services Landscape Page 18
INLAKS Digital Summit 2019: Securing the Digital Financial Services Landscape Page 19
Take ACTION!
INLAKS Digital Summit 2019: Securing the Digital Financial Services Landscape Page 20
Thank You!
Moyo Odeyemi
Region: West Africa
Senior Manager and IT Transformation Lead, EY West Africa
Mobile: +234 812 295 0906
► Moyo is responsible for leading the Technology Transformation capability across EY West Africa.
► Prior to joining EY, Moyo worked at 2 of the biggest technology consulting firms and also spearheaded the operationalization of an Enterprise Architecture function in First Bank
► Moyo has spent over 8 years helping a diverse range of clients define and execute digital and technology transformation agendas
Securing the Digital Financial Landscape: Cybersecurity in Financial Services
INLAKS Digital Summit Presentation