OPINION: A lack of diligence among digital users is a critical risk for organizations. Given that, how should banks develop their now essential cybersecurity strategy?
One aspect that calls for specific attention in the field of cyber threats, is how to turn digital users into “diligent users”.
Without a doubt, this condition can end up being decisive for any effort, in the public or private sector, to prevent these types of risks. You could say, the lack of diligence can become a critical risk for organizations.
Digital illiteracy – and what it means for security
Some time ago, there was a discussion among experts about the risks that would come with the Internet of Things, and the related emerging threats.
In the end, the only consensus came in defining that a sizeable proportion of users suffer from condition called “digital illiteracy” when it comes to the area of security.
Indeed, one of the main challenges in our field comes from the speed of technological change, with new threats appearing faster than they can be addressed through educating and training these users.
And of course, we cannot ignore the fact that the condition that we call illiteracy in digital security is well known by malicious actors. That explains why today, in 2019, one of the main avenues of digital fraud comes from social engineering and Phishing, both phenomena from the 1990s that remain among the main cyberthreats globally.
A clear example of the gap between diligent users and security mechanisms lies the proportion of personal mobile devices that have antivirus protection installed – despite the fact that users increasingly prefer to surf the internet on their mobile phones, without regard to the fact that it could be a way in for a “technological Trojan”.
You might also like: Cybersecurity teams confront fresh risks amid bank transformation
When we talk about how we should address these types of risks, we can summarize it in four parts: prevention, detection, response and recovery.
In the same way, when we address each of those fronts, we should have a further four factors in mind. These – people, information, processes and technology – operate in a synchronized way. All of this is part of a solid risk management policy.
In the same way, when defining a strategy to prevent cyberattacks, it is important that companies and corporations have an up-to-date methodology that allows them to evaluate risks, define action plans, and monitor their implementation.
Internal control activities are also important, to verify that the mechanisms that have been implemented fully cover the policy, across the chain from prevention through to recovery.
All this requires certain conditions for successful management, with the main variables as follows:
- At the company level, strengthen the institutional culture in security across the organization
- Education and training as the main stage of prevention
- Specialized technology, methodology and talent for managing and responding to crises.
- Strategic communication, both external and internal
- Synergy with the broader cyberthreat prevention ecosystem, which as local, regional and global reach
As a final note, keep in mind that the area of cyberthreats requires us to permanently review our strategies, given that the sector changes with technological advances and user preferences.
José Marangunich is head of the Corporate Security Division at Banco de Crédito del Perú, and President of the Strategic Committee for Security at the Peruvian Banking Association.
September was the year’s busiest month for fintech investment as 17 companies raised a combined US$ 613.5 million.
Finnosummit Mexico 2019: Top takeaways, by Thiago Paiva
Latin American fintech capital raising has topped $1.6 billion this year
Slow advances on cybersecurity regulations have created fertile ground for hackers and other malicious actors
Nubank’s jumbo round & Softbank’s big bet on another digital bank
In a record-breaking month, Andreessen Horowitz made its first fintech investment in LatAm