A holistic approach across all areas of a financial institution is required in response to evolving cyber threats, according to a panel of industry experts.
Speaking at the SWIFT Business Forum in London, panellists stated the industry must move away from a “narrow” cyber security strategy to an all-inclusive approach encompassing technology, legal and compliance divisions.
“Historically the breakdown was that we would have a series of cyber security controls and then we would have a series of payment controls so there would be a hard line where the communication between these two divisions stopped ”said Jean-Francois Legault, global head of cybersecurity operations at JP Morgan.
“We need to address this and create an environment in which people know who their counterparties are within the organisation and who they can talk to about cyber security to build a strong relationship where you can pick up the phone and talk about the risks with anyone.
“I was on a panel recently and another speaker said nothing scares him most than walking into an organisation where the cyber security team has never meet the compliance or payments team,” said Legault.
Fellow panellist Gottfried Leibbrandt, CEO of SWIFT, suggested recent cyber attacks, particularly the $81 million hacking of the Bangladesh Central Bank in 2016, had refocused the industry on the changing nature of cyber threats.
Leibbrandt also stated the financial services industry faces threats to its entire ecosystem rather than on an individual institution level.
“The events we saw from the Bangladesh bank brought home that many of the cyber challenges attempt to exploit the ecosystem, not individual links in the value chain,” said Leibbrandt.
“This also means the response has to be from the whole ecosystem.
“What you see in individual institutions is a thinking that has moved from perimeter security to in-depth defence, realising people will get in and then being able to respond.”