With sudden lockdowns like the one that was enforced last week in Melbourne, we are well-aware of the unpredictability of the pandemic. Many companies are in and out of remote workstations, bringing with this a compelling case for the need to integrate security within other departments.
We often discuss the countless ramifications of the sudden move to remote work. We’ve discussed how it has opened businesses up to many vulnerabilities as the number of attack vectors increase. We have explored the role each employee plays in safeguarding company data.
We’ve even discussed how CISOs are transforming their role to safeguard teams and operations to improve financial security during challenging times.
These views open up another discussion—the need to foster a culture of security in the banking industry.
It has everything to do with making banking cybersecurity a part of broader enterprise risk management. It highlights the need to include the C-suite in efforts to improve banking cybersecurity.
The C-suite, generally, understands little about cybersecurity and provides CISOs limited support. There’s consensus that this needs to change for organisations to become better at safeguarding their data and systems.
In a financial atmosphere, why is C-suite support necessary to protect company data and systems? How can CISOs gain the support of the board to improve strategies that do just that?
We continue to hear news of different data breaches almost every day. With hundreds and thousands of customers seeking online banking services from networks that may have weak safeguards, CISOs are facing unprecedented challenges.
The National Australia Bank even reported a 78% increase in fraud attempts and 33% increase in estimated loss during May and June last year. These are a testament to the importance of positive security behaviour, both by employees and customers.
We cannot control how customers behave when using financial services. We can, however, improve the knowledge and skills of employees to help them perceive the importance of cybersecurity across the board.
If this knowledge and awareness are ingrained within the culture, employees will have the tools and the ability to protect themselves. A security culture like this can even evolve and influence people’s behaviours.
The challenge, however, is not creating and maintaining a security culture. It is influencing people to take the right actions in the face of a cyberattack.
The only way to get through that dissonance and to get employees engaged in banking cybersecurity is to get support from the very top.
CISOs will continue to spearhead the execution and development of the security programme in financial services.
The participation of the C-suite will encourage CISOs to adjust these programmes and align them with broader business plans and strategies.
One likely companion who could support the success of these efforts is the COO of each company. As a direct link to the CEO, the COO can provide the authority needed to advocate for greater security and demonstrate how it impacts employees, customers, and company services.
The COO is not the only one that needs to serve as a security advocate, however.
All C-level executives have a critical role to play in encouraging employees to participate in establishing a strong security culture. Given their associations with different stakeholders in the organisation, they can share insights into improving your security programme.
One of the best ways to set the right security standards is to gain the support of top management. In effect, it boosts your organisation’s commitment to cybersecurity and creates a security culture that is tailored to specific requirements.
This then empowers employees to feel a sense of shared responsibility around their role in banking cybersecurity. This can only be achieved, however, if the organisation’s C-suite becomes a trailblazer of security, particularly in the current threat landscape.
As the pandemic continues to influence finance cybersecurity, everyone, across the entire organisation, must work towards securing the workplace.