The quantum revolution is coming to the financial sector. Debbie Janeczek, Global Chief Information Security Officer, ING, is preparing for it and says the rest of the sector should, too. She suggests starting with building leadership’s awareness of quantum risks, inventorying algorithms, and developing the skill sets needed for post quantum cryptography. Those moves, among others, will help financial firms be ready when the quantum revolution arrives — and it’s getting closer every day.

Fraud is one of the sector's biggest concerns, but passwords aren’t much of an obstacle to today’s innovative cybercriminals. Biometrics are the next frontier, but how do you get customers to accept the pivot? Susan Koski, Chief Information Security Officer, PNC, has been examining the challenge and recommends managing by facts and known risks, understanding fraud prevention as a cross-sector problem, and remembering that the customer experience has to be central to the post-password cy...

Cybersecurity threats to an institution are no longer limited to the organization themselves, as threat actors launch attacks across the entire supply chain in hopes of disrupting the financial services sector. Managing supply chain risk is top of mind for Ariel Weintraub, Chief Information Security Officer, Aon, who emphasizes that cybersecurity is not a competition, but an opportunity to share best practices and timely information to maintain the resilience of the global financial sector.

The goal of information security is to not react to the change. It's to learn about change in advance. That’s one of the many lessons Meg Anderson, former CISO, Principal Financial Group, has learned after 40 years in cybersecurity. It’s a lesson she’s instilled in her teams, along with the power of saying no, the vital importance of developing a pipeline, and why cyber leaders need business leaders’ trust. Those lessons will help CISOs succeed, even as the cyber landscape changes.

Financial services cybersecurity has its challenges – but it’s also interesting, varied, and just plain fun, says Jochen Friedemann, Chief Information Security Officer at Talanx, the Hanover-based insurance/re-insurance firm. Cybersecurity is also more impactful than it’s ever been, thanks to cyber’s importance to senior management, with more educational and career opportunities than ever before. So though the responsibility is heavy, if you’re thinking about joining InfoSec, this is a great ...

Many financial services firms have such vast hoards of data – much of it unclassified legacy data – that owning it causes more data governance challenges than the information is worth. Olivier Nautet, Group CISO at BNP Paribas, says that firms suffering “infobesity” must approach the challenge cross-functionally, with a view to operational resilience and compliance. Here’s what he says about slimming down safely, effectively, and within regulation. Data decisions: Amassing data – especi...

Identifying and managing risk is fundamental to good governance, says Claus Norup, Managing Director and Group CISO, Euroclear, but that’s only part of the job. Success in a CISO role depends on leadership’s buy-in, the ability to translate information to its audience, and the degree to which the function is embedded in overall governance, among other factors. Still, Norup says that in the end, successful governance comes down to the person in the role. Should you take the CISO job? If ...

Data security regulation is accelerating many firms’ data protection processes, says Karl Schimmeck, Executive Vice President and CISO of Northern Trust. However, complying with multiple jurisdictions’ reporting regimes around privacy, incident disclosures, and decision process documentation can be tough. Rigorous incident management plans and structures simplify things but it’s important to remember compliance isn’t about checking boxes. It’s about reducing risk. Regulation drives dat...

Where cybersecurity and operations converge – as they increasingly do -- financial services firms must view cyber risks as operational risks. That integration is a sign of cyber maturity, says Matt Harper, Aflac’s Vice President and Global Practice Lead, Product Security, and Program Strategy, but it affects the practice of risk management. He advises financial services cybersecurity leaders to learn about the business side and map security processes toward it to the benefit of the overall in...

There used to be weeks between the announcement of a zero-day vulnerability and the next exploit. Now we have days or hours to patch the vulnerability, says Carsten Fischer, Deputy Chief Security Officer at Deutsche Bank. Sometimes threat actors are in the machine even as the patch is being tested. With such a small window of reaction time, mitigation must be faster. Prevention vs. Detection We can’t prevent every threat, but we don’t always have time to patch detected vulnerabili...

Stephen Sparkes has over 30 years of experience in leadership roles across the financial services tech spectrum and is currently Scotiabank’s EVP, Chief Information Security Officer and Enterprise Platforms, and member of the FS-ISAC Board of Directors. Over the years, he says, cyber has become the dominant operational risk, giving CISOs a more prominent leadership role. That role – and the skills CISOs need to succeed – will continue to expand as the threat and business environment evolves.E...

A financial services CISO’s job is to secure the organization of today and tomorrow. Lindsey Bateman, Chief Information Security Officer at M&G plc, a UK Savings and Investments company, recommends instituting a Security by Default culture to reduce the risks and increase the resilience of financial services institutions today, while keeping an eye on the horizon for emerging threats – and quantum computing is at the top of the list. Episode Notes Future Risks: Quantum Computing The...

Third-party providers are often crucial to financial service operations – and a serious cyber risk. For that reason, EU regulators are taking a close look at the digital supply chain. Here, BISO (Business Information Security Officer) at ICE Trading and Clearing, and Chair of FS-ISAC’s UK Strategic Subsidiary Board, Burim Bivolaku talks about the biggest challenges in third-party risk management, how to effectively address them, and why FS-ISAC’s UK Strategic Subsidiary Board helps its govern...

It’s difficult to quantify risk – some CISOs say it can’t be done – but there is a business case to be made for cybersecurity measures and controls (information sharing helps). Beate Zwijnenberg, ING CISO and member of FS-ISAC’s Global and European Boards, explains her approach to quantifying risk and communicating metrics relevant to senior management priorities. And she explains why DORA’s pillars may increase the sector’s resiliency as it matures the supply chain’s cyber defenses.Quantifyi...

The Cyber Risk Institute has developed a cybersecurity framework for the financial sector that is based on globally recognized standards. Josh Magri, CRI President & CEO, talks about the genesis of this framework and how it can help bridge the gap between self-assessment and regulatory compliance, even for financial firms that have operations around the globe.Notes from our Discussion with JoshCRI ProfileThe profile is the Rosetta Stone between cybersecurity frameworks, standards, and reg...

Generative AI (GenAI) is changing the cybersecurity landscape at a phenomenal pace, creating both new challenges and opportunities. As cyber attacks become increasingly sophisticated, preventing them requires information sharing. Ann Barron-DiCamillo, Managing Director and Global Head of Cyber Operations at Citi, talks about the difference between traditional attacks and AI-powered threats. Ann, also the current Chair of FS-ISAC's Board, discusses supply chain risks, the importance of informa...

Episode NotesJayaraj Puthanveedu - MD, Global Head of Resilience, Cyber, and Digital Fraud of BNP Paribas - dives into fraud, what the landscape looks like for financial firms, its impact on customer trust, tips on customer awareness, and much more.Notes from Our Discussion with JayarajFraud Landscape for the CustomerFraud is of utmost importance for the financial sector. It is increasing in both complexity and magnitude. Only about 20% of fraud is reported, making it more difficult to measur...

Episode NotesWith over 20 years of experience as a CISO, Phil Venables, Chief Information Security Officer at Google Cloud, talks about creating an AI framework, key use cases for AI in cyber, Google Cloud joining FS-ISAC's Critical Providers Program, how he approaches operational resilience, and gives advice on how CISOs can maintain work-life balance.Notes from our Discussion with PhilGoogle Cloud’s Security AI FrameworkAI has presented new risks and very specific types of threats. The obje...

Episode NotesDaniel Barriuso, Global Chief Transformation Officer at Santander and Chairman of the FS-ISAC Europe Board of Directors, talks about the importance of addressing cybersecurity globally and holistically, while also taking regional differences into account. He draws on his experience as Global Chief Information Security Officer (CISO) at Santander and his current role to discuss how bigger organizations can collaborate with startups to fight cybercrime.Notes from Our Discussion wit...

While the Board sets up broad policies and priorities for companies, there’s a whole cyber universe that Board members may not fully understand. Jerry Perullo draws on more than two decades of experience, including as CISO at Intercontinental Exchange/New York Stock Exchange (ICE/NYSE), and recently as interim CISO at Silicon Valley Bank, to explain his framework for presenting cybersecurity risks and solutions to the Board.Notes from Our Discussion with Jerry(3:03) - CISOs as Board membersCI...