The financial services industry must improve collaboration with third party suppliers to improve cyber security practices and technology at the build stage, according to speakers at Sibos 2021, which began online yesterday.

Tim McNulty, group chief security officer at Barclays said the presence of threats such as the SolarWinds cyber attack made it “obvious” that the sector should “adopt a more collective approach” in sharing security knowledge and expertise with suppliers to improve security and resilience.

Speaking during a panel discussion on how to defend financial services companies against other security threats based on malicious code hidden in what appeared to be a software update, McNulty said that suppliers “are becoming part of the infrastructure, so they need to be treated as part of the infrastructure”.

“We need to share enough to make sure that we’re both secure,” said McNulty. “This is an industry challenge and it’s not going away. We need to be more comfortable sharing insights and challenging each other.”

His views were echoed by other panellists. Microsoft chief security advisor Lisa Lee suggested that working closely with suppliers could also help banks and other FS companies broaden their thinking on security strategies and deepen their understanding of future threats.

“We need everybody at the table,” she said. “We need diversity of ideas, we need new approaches. It is useful to look back at previous attacks and see what lessons can be learned from those, but we need to think about what attacks are coming. What attacks are we not thinking about that will happen tomorrow? Where will the attackers be focusing?”

Lee also highlighted the perennial problem of ageing legacy systems in the sector, focusing in particular on the potential for them to contain security vulnerabilities. “I’m constantly shocked at the age of some of the software that people are running,” she said.

Both Lee and Kelly Bissell, global security lead at Accenture, suggested that for small and medium-sized suppliers serving the sector could improve their security posture considerably by making more use of mature, resilient cloud technologies.

“If small and medium-sized businesses can move to the cloud they can get better [cyber] hygiene … [and] lower the cost of securing their environment,” said Bissell.

Share Story: