FS collaboration 'needed to avoid SolarWinds 2.0'

The financial services industry must improve collaboration with third party suppliers to improve cyber security practices and technology at the build stage, according to speakers at Sibos 2021, which began online yesterday.

Tim McNulty, group chief security officer at Barclays said the presence of threats such as the SolarWinds cyber attack made it “obvious” that the sector should “adopt a more collective approach” in sharing security knowledge and expertise with suppliers to improve security and resilience.

Speaking during a panel discussion on how to defend financial services companies against other security threats based on malicious code hidden in what appeared to be a software update, McNulty said that suppliers “are becoming part of the infrastructure, so they need to be treated as part of the infrastructure”.

“We need to share enough to make sure that we’re both secure,” said McNulty. “This is an industry challenge and it’s not going away. We need to be more comfortable sharing insights and challenging each other.”

His views were echoed by other panellists. Microsoft chief security advisor Lisa Lee suggested that working closely with suppliers could also help banks and other FS companies broaden their thinking on security strategies and deepen their understanding of future threats.

“We need everybody at the table,” she said. “We need diversity of ideas, we need new approaches. It is useful to look back at previous attacks and see what lessons can be learned from those, but we need to think about what attacks are coming. What attacks are we not thinking about that will happen tomorrow? Where will the attackers be focusing?”

Lee also highlighted the perennial problem of ageing legacy systems in the sector, focusing in particular on the potential for them to contain security vulnerabilities. “I’m constantly shocked at the age of some of the software that people are running,” she said.

Both Lee and Kelly Bissell, global security lead at Accenture, suggested that for small and medium-sized suppliers serving the sector could improve their security posture considerably by making more use of mature, resilient cloud technologies.

“If small and medium-sized businesses can move to the cloud they can get better [cyber] hygiene … [and] lower the cost of securing their environment,” said Bissell.

    Share Story:

Recent Stories

New Business Frontiers
FStech’s Mark Evans discusses the future of financial services with Liu Jianning of Huawei, covering the limitations that current thinking can impose, how financial institutions can embrace technology to be both agile and resilient, and making space for the organisation to focus on the job of creating innovative business models and on delivering business value for their customers.

The Future of Intelligent Finance
FStech Group Editor Mark Evans sits down with Jason Cao, President of Global Financial Services Business Unit, Enterprise BG at Huawei ahead of its Intelligent Finance Summit which was held on 3rd and 4th of June in Shanghai. This Q&A delves into key trends in digital transformation of the financial services industry as well as a look at how data, robotic infrastructure, intelligent storage and innovative technologies are shaping the future for FSIs.

Cracking down on fraud
In this webinar a panel of expert speakers explored the ways in which high-volume PSPs and FinTechs are preventing fraud while providing a seamless customer experience.