On November 19, 2020, the last session of Cyber Transformations took place with a simulation exercise for the regional units of Eastern Europe and Asia. It was the fifth webinar of the series, jointly designed by WSBI-ESBG, the Global Cyber Alliance (GCA), and Thrive with EQ with the purpose of stimulating the internal debate on cybersecurity among the members of WSBI-ESBG, regardless of their size, resources, or degree of digitalisation.
The origin of this project goes back to a face-to-face training in the WSBI Africa regional group meeting. The original intention of this activity was to showcase the wide range of free resources and guidance offered by the Carnegie Endowment for International Peace (CEIP)’s FinCyber project and GCA’s Cybersecurity Toolkit for Small Business.
That African session, furthermore, included an addition—a simulation focused on the human side of cybersecurity. This was to be designed by Thrive with EQ, led by its founder Nadja El Fertasi, a former senior executive in NATO’s Communication and Information Agency, and a subject matter expert in emotional intelligence.
The emergence of COVID-19 frustrated that conference but not the essence of the proposal, which indeed became even more relevant. The global move to remote working, the accelerated digitalisation undergone by thousands of companies, the unstoppable increase in cyber criminality, and the stress of millions of workers struggling to navigate through personal and professional challenges simultaneously were all solid grounds to go for a more ambitious approach to the Cyber Transformations series.
After months of work, Cyber Transformations was finally launched in October as a five-session series of free webinars focused on the corporate cultural transformation required to develop an effective cybersecurity strategy. The two initial webinars on strategy and operations were open and included an impressive selection of global experts.
The session on strategy, held October 8th and introduced by Chris de Noose (Managing Director, ESBG) and Terry Wilson (Global Partnership Officer, GCA), was addressed to executive roles. The objective was two-fold. First, it reflected on some of the biggest cyber concerns for financial institutions worldwide, namely authentication (key to secure remote working), email security (email is still the number one vector of all attacks), and the close connections between e-crime and money laundering (a growing problem in a context of increasingly strict regulations). Second, it showed that transformation is possible but requires strong and continuous executive support.
The speakers in this session included:
- Lisa Lee, Chief Security Advisor and Global Lead for Financial Services, Microsoft
- Rois Ni Thuama, Head of Cyber Governance & Ambassador for GCA, Red Sift
- Nicola Staub, Co-founder and CEO & Ambassador for GCA, cybera.global
- Ján Adamovský, CSO & CISO, Slovenská sporiteľňa (SLSP), Erste Group
- Tim Maurer, Co-director of the Cyber Policy initiative, Carnegie Endowment for International Peace (CEIP)
The second session on October 20th focused on operations. It offered a transition from basic cybersecurity planning centered on the key issues of secure email and phishing, to state-of-the-art solutions for critical concerns such as personnel awareness or advanced persistent threats (APTs). This session also included an overview of the free guidance offered by the multilingual Capacity-building Tool Box (CEIP’s FinCyber project) and the complementary free tools and resources of GCA’s Cybersecurity Toolkit for Small Business.
The speakers in this session included:
- Shehzad Mirza, Director of Operations, GCA
- Pablo López-Aguilar, Head of IT & Cybersecurity, APWG.eu
- Tim Maurer, Co-director of the Cyber Policy initiative, CEIP
- Nina Paine, Global Head Cyber Stakeholder & Government Engagement, Standard Chartered Bank
- Dr Almerindo Graziano, CEO, Silensec
- Nathalie de Seras, Information Security & Culture Director, CaixaBank
The last three sessions, three crisis simulation exercises executed by Thrive with EQ and designed jointly with GCA and the regional units of WSBI-ESBG, were restricted to members of the association. They covered critical concerns for these regions in a unique approach where, by means of an evolving cybersecurity incident and a role-play game, the human and emotional sides of crisis management were tested:
- Latin America: mobile banking
- Africa: email and mobile banking
- Eastern Europe & Asia: customer data
Interestingly, all five sessions, whether led by subject matter experts or by the banking employees participating in the cyber simulations, drew similar conclusions, which confirmed that the chosen focus was appropriate:
- Cybersecurity cannot be siloed: Even if it is a highly technical activity by definition, its implications and strategies should be organisation-wide and cover all the activities in the financial institution, from compliance to business generation.
- Cybersecurity is everybody’s business: From the top managers to the clerks in the remotest branch, all employees, managers, vendors, clients, and stakeholders should be aware of the most basic cyber hygiene practices.
- Cybersecurity needs leadership to be effective: The deployment of a cybersecurity strategy is a top-down effort that usually involves a complete shift in corporate culture; it requires authority and leadership (at top executive level) to be fully effective.
- Cybersecurity is a human activity: E-criminals usually resort to ‘the human factor’ to perform their attacks; this is why all cybersecurity strategies should include a focus on analysing and training emotional intelligence and other aspects of human interaction.
- There are many resources available: Smaller financial institutions are not alone–significant amounts of guidance and free resources are available to assist them in their cybersecurity journey; organisations such as GCA and CEIP are good places to get started.
With 174 participants from 32 countries, representing 58 organisations (mostly financial institutions) from a variety of positions and responsibilities (CEOs to marketing experts), Cyber Transformations had a significant impact.
Following the feedback received from many participants, GCA, Thrive with EQ, and WSBI-ESBG are now working to make this impact deeper by means of new, focused sessions that will be arranged globally and locally, virtually and physically in 2021.
Let’s build on the momentum. Let’s keep the cyber transformation going.