It’s the responsibility of a Chief Technology Officer (CTO) of a bank to know where an attacker would try to compromise the security, how to detect it if the security is compromised, and how to quickly respond to contain a breach, says Bryce Boland, CTO – Asia Pacific, FireEye, Inc., in a conversation with Elets News Network (ENN).
Kindly share FireEye’s insight into present-day bank breaches and their impact on the financial system.
The sky hasn’t fallen on the financial system but our institutions are facing very tough realities in cyberspace. Most cyber attacks are opportunistic and can be relatively easily prevented, detected and contained. Yet there are a number of organised and highly capable financial cybercrime groups which are succeeding on a regular basis. They routinely breach financial institutions. For the top (cybercrime) groups, this is extremely lucrative.
As the CTO of FireEye (in Asia Pacific) how do you view the RBI mandating banks to put in place a cyber security policy?
Policies are useful and this new one is a starting point. But it’s only the beginning of addressing the threats. Policy helps formalise the need for security and risk management within our financial institutions. This can be useful for creating accountability and ensuring there’s governance and no oversight. But the policy cannot replace action. It’s important that processes are in place to direct teams about detecting and responding to incidents.
We regularly see firms, which are policy-compliant, asking us to respond to breaches. Policy only gets you so far.
Having been into IT Risk Management globally for long, how do you perceive the gravity of cyber threat to the Indian banking system?
India’s banks are facing a rise in significant cyber threats. If I were president of an Indian bank, I would want to know if we had been breached. Just because no alarms have gone off, it shouldn’t be assumed threat actors are not existing inside the bank’s systems. I’d want to know where would an attacker try to compromise the bank? How to detect it if they did compromise us, and how quickly can our defenders respond to contain a breach?
What guidelines are required to transform an organisation’s security posture?
Guidelines can’t transform a security posture. True transformation takes action. It would be better if we understood how organizations could transform their security posture. We recommend increasing focus on detection and response so that incidents are thoroughly investigated. To fend off advanced cyber attacks, a combination of technology, threat intelligence and expertise is required.
What security suggestions would you give to banks with regard to strategies that work or don’t work?
A good strategy is to assume you don’t know everything and find ways to bring people who can give you an alternate viewpoint—and external perspectives. Leaders need to challenge their IT and security teams. Too often, incidents are covered up, incompletely or poorly investigated, or not detected at all.
How crucial is the role of a CTO in the current scenario?
The CTO can bridge between the business problem and the technology problem. They need to help business leaders understand the technology side of the business, and ensure that technology teams are addressing the right business problems.
The CTO should challenge the existing architecture and strategy for dealing with cyber security threats and show how a change in strategy could better align resources against an evolving threat landscape.
The CTO must understand the strategic decisions of what key terrain they must defend and where technology can be part of the solution. Part of the role of a good CTO is identifying the right partners who can bring the capabilities necessary to reach the organisation’s goals.