FS collaboration 'needed to avoid SolarWinds 2.0'

The financial services industry must improve collaboration with third party suppliers to improve cyber security practices and technology at the build stage, according to speakers at Sibos 2021, which began online yesterday.

Tim McNulty, group chief security officer at Barclays said the presence of threats such as the SolarWinds cyber attack made it “obvious” that the sector should “adopt a more collective approach” in sharing security knowledge and expertise with suppliers to improve security and resilience.

Speaking during a panel discussion on how to defend financial services companies against other security threats based on malicious code hidden in what appeared to be a software update, McNulty said that suppliers “are becoming part of the infrastructure, so they need to be treated as part of the infrastructure”.

“We need to share enough to make sure that we’re both secure,” said McNulty. “This is an industry challenge and it’s not going away. We need to be more comfortable sharing insights and challenging each other.”

His views were echoed by other panellists. Microsoft chief security advisor Lisa Lee suggested that working closely with suppliers could also help banks and other FS companies broaden their thinking on security strategies and deepen their understanding of future threats.

“We need everybody at the table,” she said. “We need diversity of ideas, we need new approaches. It is useful to look back at previous attacks and see what lessons can be learned from those, but we need to think about what attacks are coming. What attacks are we not thinking about that will happen tomorrow? Where will the attackers be focusing?”

Lee also highlighted the perennial problem of ageing legacy systems in the sector, focusing in particular on the potential for them to contain security vulnerabilities. “I’m constantly shocked at the age of some of the software that people are running,” she said.

Both Lee and Kelly Bissell, global security lead at Accenture, suggested that for small and medium-sized suppliers serving the sector could improve their security posture considerably by making more use of mature, resilient cloud technologies.

“If small and medium-sized businesses can move to the cloud they can get better [cyber] hygiene … [and] lower the cost of securing their environment,” said Bissell.

    Share Story:

Recent Stories

The Future of Intelligent Finance
FStech Group Editor Mark Evans sits down with Jason Cao, President of Global Financial Services Business Unit, Enterprise BG at Huawei ahead of its Intelligent Finance Summit which was held on 3rd and 4th of June in Shanghai. This Q&A delves into key trends in digital transformation of the financial services industry as well as a look at how data, robotic infrastructure, intelligent storage and innovative technologies are shaping the future for FSIs.

The Rise of Instant Payments
Instant payments are creating new business opportunities for banks by providing more touchpoints than ever. With these evolutions underway, Featurespace brought leading industry experts together to discuss how they are protecting customers from fraudsters in real time, utilizing innovative and disruptive solutions to reduce fraud. Click here to find out more.

Offloading Cyber Risk in the Cloud
As cyber attacks and data breaches are in the news on an increasingly regular basis - with regulatory penalties and customer trust on the line for financial services firms - it has never been more crucial to be compliant in the cloud.

This video, with Akamai’s EMEA director of security technology and strategy Richard Meeus, will help explain what your company can be doing to make sure it’s not embroiled in the next big fine or front-page scandal.