In this ‘In Conversation with’ we spoke to Rupert Lee-Browne the Chief Executive at Caxton and discussed the cybersecurity challenges faced by the financial sector.
Rupert: The biggest challenge by far facing the financial sector when it comes to cybersecurity is the general lack of understanding of the implications. Education is needed, it’s the realisation that it is absolutely vital. If companies don’t wake up to the fact that this is a major issue, not just now, but going all the way forward and that they need to create sufficient resilience then those companies will be hit badly.
Another of the biggest challenges, is for chief executives to grab the baton and really run with it because if the chief executive doesn’t believe cybersecurity is an issue in the financial sector then they’re a fool. Getting the message across throughout an organisation must come from the top. Ideally, CEOs should sit on internal security panels and support those tasked with keeping the business secure. If they don’t do that, they won’t know where the threats to their business are coming from and that threat is massive.
Rupert: Its all the usual suspects such as reliability, integrity, is it easy to integrate? Is it good value and well-priced? And does it have great backup and service?
Rupert: At Caxton, we have a number of parties that we’ve identified. We see the threats come from three protagonists; Organised crime, government-sponsored activity and those that hack for fun because they have funny ideas about capitalism. Of the three, the biggest threat by far comes from organised crime.
The biggest risk, however, is entirely in people. So, the issue is not necessarily around the infrastructure but the risk is around the people in a business, From the CEO to the cleaner. It is the ability to make mistakes and errors, the ability to be compromised such as blackmailed or bribed. Or simply down to being a bit of an idiot when it comes to spear phishing attacks, password creation and a lack of a clinical approach to security.
It can be as much psychical as it is digital, such as letting people gain access to a location and I think Mr Trump's recent experience is a classic example. Where a woman carrying malware, infected laptops tried to gain access. These are all significant risks but they are all known risks and at the moment there doesn’t seem to be other patterns or other risks that are currently unknown. The biggest risk is in people and how they behave.
Rupert: It’s about education, it’s about companies in the sector forming their own groups, it’s about passing information between trusted parties and the sharing of resources to ensure that the sector knows the MO of the major threat actors and how to stop them. It should cross-competitive borders.
It’s hard for governments to communicate with business, they have an appalling track record of ensuring that business understands policy and vice versa. They have an appalling record of understanding what business wants and needs. However, the government has a place in terms of promoting information and the forums. The UK government has a very forward-thinking set of departments that are dealing with this and maybe by coming out of the shadows would really help.
Experts that are covered in the media is a very important part of education because they are credible. Experts from the government don’t necessarily have a pitch and are seen as impartial.
Rupert: Understanding where the technology we use is leading us, so at last, there is a question over social media and how fit for purpose their security systems are and whether or not these organisations are fit for purpose for holding vast amounts of data. If we look further ahead and imagine things like quantum computing and the ability for 5G and the next generation of hardware do we fully understand what the implications are.
Cybercriminals are the most innovative in any industry. If you look at what has driven technology it tends to be on the fringes in terms of payments, for example, innovation has been driven by the gaming industry.
If a hacking group attacks a bank or other financial organisation and steals a million pounds that money is not then spent by the criminals to buy a new Ferrari instead, they’re reinvesting that money back into their business model. What you then get are phenomenally successful businesses with a lot of money who can develop new innovative ways of hacking. These are criminal businesses and their investment model if frightening and their effectiveness further down the line is frightening.
If they steal a million, that’s a million-tax free, there are no pensions to pay but if they manage to steal a hundred million, a huge amount of cash their potential to create new hacking innovations is huge.
XQ: Thank you, Rupert.
Caxton has been providing expertise in foreign exchange to our customers since the start of the century. Our currency cards with bank-beating rates and international bank transfer services are used by both private and business customers. We keep ahead of the market with industry-leading mobile-developments and online services. For more information about Caxton and their services visit - https://www.caxtonfx.com/
If you would like to take part in a future ‘In Conversation with’ feature please contact – [email protected]