Today’s businesses are truly interconnected, with multiple systems communicating with each other. However, these critical connections provide many potential areas for cyber criminals to access networks.

Adopting isolation techniques and turning off outside connections may help protect against cyber attacks, but without these connections a business simply won’t survive.

All infrastructures face this challenge and are looking to reinforce cybersecurity. At a cyber session at the recent SWIFT Business Forum in London, 53% of the audience agreed there is a need to reassess internal controls, processes and current thinking on the subject.

Earlier in the day, the opening plenary panel had pointed to the importance of cyber controls and payment controls coming together.

Panellists discussed a ‘supply chain of criminality’, where some are creating increasingly sophisticated malware to sell to others. They saw the necessary response as a hybrid of controls that looks at the end-to-end picture and informs risk-based decisions.

An encouraging sign, they said, is that cyber teams now have an increased understanding of the payments space as a result of increased collaboration. But there is more to be done. Collaboration and information sharing are just the start of the journey, not the end.

The importance of security hygiene

Last year’s Sibos Big Issue Debate on cybersecurity highlighted that about 85% of cyber breaches can be prevented through basic hygiene practices like data encryption, using modern security software, staff training and multi-factor authentication for access to sensitive data and servers.

If an organisation is breached, having robust response and recovery plans in place and exercised can help minimise the impacts. Cybersecurity is a board-level and senior management issue, and organisations need to have a culture of best practices when it comes to addressing cyber issues.

Speakers at the Business Forum advocated three levels of intelligence – network defenders (who know what to watch out for), an operations level, and a strategic level. Boards need to ensure that cyber resilience plans are part of an organisation’s DNA.

Protection, but at what cost?

Implementing and maintaining a comprehensive cyber defence strategy goes far beyond purchasing a few firewalls. Businesses need to accept this, and there is a growing appetite to absorb these costs. Getting better at quantifying risks and introducing new business models can help to offset these outlays.

For smaller organisations, it may be unrealistic to adequately protect everything given cost constraints – so panellists advocated a strategy of identifying and defending core operation processes. Don’t become spread too thin. As Frederick the Great said, ‘he who defends everything defends nothing.’

Organisations should also collaborate with, and learn from, other stakeholders. There needs to be a strong alliance between banks, their technology partners and governments with an agreement on what information to exchange under what circumstances.

These issues will be further explored in the Technology stream at Sibos 2017.