Securing the Digital Financial Landscape: Cybersecurity in...

October 2019

Securing the Digital Financial Landscape: Cybersecurity in Financial Services

- presented by Moyo Odeyemi

INLAKS Digital Summit

Digital in action

INLAKS Digital Summit 2019: Securing the Digital Financial Services Landscape

The World is Changing —Again

29bn Connected “things”

Fourth Industrial Revolution

Today

First Industrial Revolution

Mechanical

1700’s

Technology was steam and water powering the first factories

Second Industrial Revolution

Electrical

1800’s

Electricity made possible the division of labour and mass production

Third Industrial Revolution

Automated

1900’s

IT enabled programmable work and an end to reliance on manual labour

Cyber-physical systems, powered by IoT and fuelled by data, create a fully interconnected society

Unprecedented pace

For a new technology to reach a critical mass

of 50m users

35days

Extreme experiences

Percentage of customers looking for a more seamless experience

87%

Connected chaos

Internet connected “things” by 2020** including sensors,

RFID chips etc.

50bn

Digital natives

By 2025, the makeup of the workforce is projected to be

majority digital native

75%



… but in the meantime few banks currently consider themselves as either maturing or a digital leader

of banks consider themselves as digitally mature or digital leaders in 2018

15%

Technology investment and digital transformation programs remain high in the agenda of the financial sector…

of banks will invest in technology to strengthen their competitive positioning and build market share over the coming three years

70%

of banks cite implementation of a digital transformation program as a business priority for 2018

85%

of banks expect to become digitally mature or digital leaders by 2020

68%

WHEREAS

2018

2020

ONLY

2018

2018

Most banks are already well embarked on the Digital Transformation journey and are now looking to go further in their use cases but are far from seeing the end of the tunnel



HyperConnectivity

01

DataCrunching

03

ArtificialIntelligence

05

Process Automation

02Machine Learning

04

More Data

More Speed

Tremendous Risk

“With great power comes great responsibility”


Why cyber security?


In the time it took you to read this, 200 data records were stolen and $28,200 was lost. Those numbers would have tripled by the

time you reach the next slide.

Digital transformation cannot be resisted, your cyber risk only goes higher with your inevitable reliance on technology. Reactive cyber

strategies mean you will not know you have been hit till your enemies are in a different country.



What is Cyber?Protecting an organisation and its networks, programmes and data from attacks, damage and disruption from internal and external threats

It’s a matter of time before your organisation suffers a cyber attack, resulting in data loss, systems outages and reputational damage. Cyber is no longer just a technology issue, it’s a business issue.

$1trn+the estimated annual economic cost of cyber crime

US$50-$120bnthe estimated cost of damage if a single provider were to be attacked

101the average number of days to spot a global attack

Rising threatsOver 20 billion devices of all types - from refrigerators, vehicles to fitness trackers - are connected to the internet, with millions more being connected weekly. The number of security flaws and vulnerabilities is spiralling

Steve HoltEMEIA FSO Cyber Strategic Leader



Insights on Cyber Security

92% of malware is

delivered by email

The average ransomware attack costs a company

$5 million

It takes organizations an average

of 191 days to identify

data breaches

25% of organizations

have a standalone security department

87% of executives and

board members lack confidence in their organization’s security levels due to a lack of agility

61% of organizations

have experienced an IoT security incident



Recent events show organisations are underprepared to face a Cyber attack



The consequences of a cyber attack can be substantial

Fines

€375min fines issued since GDPR came into

effect

Job Losses

Drop in share value

17%Amount Equifax share price

dropped the day after their data breach was disclosed

30%Of cyber attacks result in job losses

Remediation Costs

$1.4bnCosts of remediation following Equifax data

breach

Reputational Damage

$4mPer company is the cost of lost

business as a result of cyber attacks



Common challenges we see

Appropriate Governance

Tone from the Top

Effective reporting and MI to aid

decision-making on Cyber

Infusing Cyber Security throughout

the organisation

Eco-system

Risk posed from the supply chain – 3rd

parties/ 4th parties/ nth parties

Journey to the Cloud

Response capability

Roles & Responsibilities

Key Stakeholders

Productive communication can minimise damage of

a cyber event

Getting the basics right

Securing the control environment to limit the impact of cyber attacks

Effectiveness of key controls (e.g. Privacy,

Access Mgt, Data Loss, Patch Mgt)

Innovation

Understanding and harnessing the

potential of developing

technologies (e.g. RPA, AI, Machine

Learning)

Ever increasing Cyber regulatory expectations e.g. CBN Cyber Framework, NDPR, ISO 22301, etc.



Unsophisticated attackers

(script kiddies)

Sophisticated attackers

(hackers)

Espionage

(malicious insiders)

Nation States

Advanced Persistent Threats (APT)

Ris

k

Attacker resources and sophistication

RevengePersonal gainStock price manipulation

Organised crime

(criminal networks)

Amusement/Experimentation/Nuisance/Notoriety

No direct use, they typically sell to the highest bidderMoney

EmbarrassmentPolitical/social/environmental causes

1980s/1990s

Your enemies have evolved, can you say the same about your methods?


What’s next?



Only 6% of

organisations say that their information security function

fully meets their organisational needs*

Phishing and Social Engineering

Exploitation of Technology Vulnerabilities

Insider Threat

Fraud and Financial Crime

Identity and Access Management

Cyber / Operational Resilience

Data Protection and Privacy

Monitoring

Regulatory Challenge

Cyber Risk Reporting

Cyber Risk Governance

Cyber Economics

Innovation

Awareness

Skills

Threat Landscape

Control & Monitor

Governance & Compliance

People, Process & Technology

Third Party Risk Management

Cyber is no longer a technology issue, it is a business issue



Cyber should be a key part of any Digital Change or Transformational programmes

Data and Technology Ecosystem

Intelligent Decisions

Cybersecurity and Business Resilience

Customer Journey

Adaptive Governance

How is your strategy and

operating model designed

to create the foundation for

trust?

How are you empowered to make strategic

decisions?

How do you design and

protect customer

trust?

Will your organization sustain trust through the

biggest tests?

How are you harnessing the power of data

and technology to increase

performance?

The digitally confident and

trusted enterprise

Does your strategy and

operating model

incorporate Cyber Risk?

How does Cyber security

impact strategic

decisions?

How do you design and

protect customer

trust?

How are you harnessing the power of data

and technology to increase

performance?

Will your organization

maintain trust through the biggest

tests?



COMPROMISEDETECTION

INSIDERTHREATS

THIRDPARTY RISK

SECURITYGOVERNANCE

CYBERSECURITYAWARENESS

PATCHMANAGEMENT

POLICIES/CONTROLS

CLOUDSECURITY

TARGETED ATTACKS

REGULATORYRISK

BUSINESSRESILIENCE

ASSETINVENTORY

Something failed here

How quickly can you find out and execute a response plan?

Have your investigative processes caught up with your technology processes?

Can your teams face a highly sophisticated adversary?

Can they estimate your “casualties”?

It will happen again

Are they prepared for the exact same attack, what have they learnt?

Cyber should be infused into your business



Does our business strategy effectively

consider cyber?

How do I keep my organization compliant with

the latest regulations?

How do I embed cyber more effectively into our

business processes?

CEO Functional leads

CCO

CISO CRO CAE CDO

Are we attracting and retaining the right cyber

talent?

Where should we focus our time and resources,

related to cyber?

Executive Leadership

How can I more effectively

communicate our cyber risks to the business?

Do we have sufficient cyber insurance?

Are my digital solutions secure?

How well have our systems been built to

prevent cyber attacks?

CIO

CFO

Is cyber integrated into my 3 lines of

defense?



Take ACTION!


Thank You!

Moyo Odeyemi

Region: West Africa

Senior Manager and IT Transformation Lead, EY West Africa

Mobile: +234 812 295 0906

[email protected]

► Moyo is responsible for leading the Technology Transformation capability across EY West Africa.

► Prior to joining EY, Moyo worked at 2 of the biggest technology consulting firms and also spearheaded the operationalization of an Enterprise Architecture function in First Bank

► Moyo has spent over 8 years helping a diverse range of clients define and execute digital and technology transformation agendas

Securing the Digital Financial Landscape: Cybersecurity in Financial Services

INLAKS Digital Summit Presentation

mailto:[email protected]

Securing the Digital Financial Landscape: Cybersecurity in...

Documents

Transcript of Securing the Digital Financial Landscape: Cybersecurity in...