Cybercriminals are always looking for the next development. As a result, things are about to get even more complicated: triple extortion has arrived. This takes the twostep approach and adds in ransom demands directed at a victim’s supply chain, a common source of vulnerability as the security maturity of each part of a supplier network won’t necessarily be the same. How does IBM Security Services help financial organisations develop robust cybersecurity strategies? Are there any specific frameworks or methodologies that you follow? The financial services sector needs to take a ‘zero trust’ approach to security – a methodology that abandons the idea that you can trust anyone as far as security is concerned. Everyone needs to be re-evaluated and re-authenticated and then given the lowest set of system privileges required for them to operate. This approach also assumes the worst – that a breach is happening – it’s about spotting it rather than thinking, ‘I can’t see an attack, I’m therefore okay’. Zero trust argues that every organisation is under attack – it’s just a matter of how bad it might be. Data breaches and data privacy are major concerns for financial institutions. What steps should organisations take to ensure the security of customer data and comply with regulatory requirements and avoid being hacked in the first place? The burgeoning digitisation of the financial services industry, including the widespread adoption of hybrid cloud, has rightly attracted the attention of regulators and policy makers. As a result, financial institutions need to balance innovation with increasingly stringent compliance and security requirements. For example, the Bank of England is looking at ways to facilitate greater resilience and the adoption of cloud-based services and other new technologies – an approach that combines support for innovation with regulatory oversight. With the rise of cloud computing and remote work, how can financial institutions effectively manage cybersecurity risks in these environments? What are some best practices for securing cloud-based systems and remote access? Financial institutions are among the top targets for cybercriminals because of the wealth of valuable data they hold, which make them a very attractive to cybercriminals. This hasn’t gone unnoticed – businesses are waking up to the notion that standard security measures are not enough in the cloud. To keep customers and proprietary data secure and private, enterprise-grade security innovations, such as confidential computing, are essential. Of course, security in the digital domain isn’t new; protecting internet communication with HTTPS is well established, as is the use of SSL, which was initially applied to credit card transactions but has since become ubiquitous. Confidential computing has the potential to become equally as pervasive due, in part, to the widespread adoption of cloud technology. By ensuring that data is processed in a shielded environment confidential computing makes it possible to securely collaborate with partners without divulging proprietary information. It makes it possible for different “The days of simply locking someone’s data and then demanding a payment in return for the encryption key are long gone.” Banking & Financial Services 22 Finance Monthly.
RkJQdWJsaXNoZXIy Mjk3Mzkz