The financial industry has long relied on compliance as the cornerstone of its cybersecurity approach. But as cyber threats become increasingly sophisticated, there’s a growing consensus that financial institutions need to collaborate more actively, not just within their sector but also across different industries. Beate Zwijnenberg, Chief Information Security Officer at ING, shares her insights into this evolving landscape1.
The Evolving Threat of Cyber Attacks and Fraud
Zwijnenberg did not mince words when discussing the risks that ING faces, stating, “We’re most concerned about the catastrophic impact a ransomware attack could have on the business in general and the systemic risks related to that – she told to Finextra.
It not only harms our customers and ING, but also the larger financial ecosystem.” ING, like many other financial organizations, is bracing for these large-scale attacks that could reverberate across the entire financial landscape.
In terms of fraud risks, criminal organizations are escalating their tactics. “They are becoming more and more sophisticated, for instance, in their development of phishing campaigns which are much more difficult to detect,” Zwijnenberg said. With the increased use of technology like QR codes, criminals are evolving their methods to perpetrate more effective attacks.
Understanding the Cyber Landscape
Zwijnenberg argues for a comprehensive understanding of the landscape that financial institutions are operating in. This involves recognizing the types of criminal organizations targeting your company and keeping tabs on third parties that might be compromised. She said, “It’s good in the identify space if you understand the landscape that you’re operating in. Understanding what kind of criminal organisations are targeting you as a company but also, monitoring third parties if they are breached or attacked.”
The Necessity for Cross-Sector Data Sharing
Zwijnenberg emphasized the importance of data sharing among financial institutions to better understand the tactics, techniques, and procedures (TTPs) used by cybercriminals. She believes that sharing data and intelligence across sectors can lead to more effective cybersecurity strategies. “If you’re capable of sharing data, and intelligence, amongst each other, you’re in a better place to find a strategy. So learning from each other and leveraging knowledge,” she advised.
She further insisted that data sharing should not be confined within the financial sector. Telecommunications, cloud, and internet providers also have a role to play. “You want to also share across sectors because you want to learn the other types of attacks,” Zwijnenberg added.
Beyond Banking: A Collective Responsibility
While cybersecurity remains a significant challenge for banks, Zwijnenberg posits that the problem extends beyond the financial world. She emphasized that other sectors, such as telecommunications and social media platforms, also have a role to play. “A lot of social engineering starts, for instance, with people capable of creating a fake LinkedIn account. If you look to what I expect from telcos, but also from those platforms, they play a key role in understanding what is the identity behind the identity,” she concluded.
- https://www.finextra.com/newsarticle/43188/ing-ciso-says-data-sharing-is-key-to-financial-cybersecurity ↩︎