1 August, 2019
Cyberthreats: The risks are here

OPINION: A lack of diligence among digital users is a critical risk for organizations. Given that, how should banks develop their now essential cybersecurity strategy?

By José Marangunich, Corporate Security Head, Banco de Crédito del Perú


One aspect that calls for specific attention in the field of cyberthreats is how to turn digital users into “diligent users”.

Without a doubt, this condition can end up being decisive for any effort, in the public or private sector, to prevent these types of risks. You could say that the lack of diligence can become a critical risk for organizations.


Digital illiteracy – and what it means for security

Some time ago, there was a discussion among experts about the risks that would come with the Internet of Things, and the related emerging threats.

In the end, the only consensus came in defining that a sizeable proportion of users suffer from a condition called “digital illiteracy” when it comes to the area of security.

Indeed, one of the main challenges in our field comes from the speed of technological change, with new threats appearing faster than they can be addressed through educating and training these users.

And of course, we cannot ignore the fact that the condition that we call illiteracy in digital security is well known by malicious actors. That explains why today, in 2019, one of the main avenues of digital fraud comes from social engineering and phishing, both phenomena from the 1990s that remain among the main cyberthreats globally.

A clear example of the gap between diligent users and security mechanisms lies in the proportion of personal mobile devices that have antivirus protection installed – despite the fact that users increasingly prefer to surf the internet on their mobile phones, without regard to the fact that it could be a way in for a “technological Trojan”.

Cybersecurity strategies

When we talk about how we should address these types of risks, we can summarize it in four parts: prevention, detection, response and recovery.

In the same way, when we address each of those fronts, we should have a further four factors in mind. These – people, information, processes and technology – operate in a synchronized way. All of this is part of a solid risk management policy.

In the same way, when defining a strategy to prevent cyberattacks, it is important that companies and corporations have an up-to-date methodology that allows them to evaluate risks, define action plans, and monitor their implementation.

Internal control activities are also important, to verify that the mechanisms that have been implemented fully cover the policy, across the chain from prevention through to recovery.

All this requires certain conditions for successful management, with the main variables as follows:

  • At the company level, strengthen the institutional culture in security across the organization
  • Education and training as the main stage of prevention
  • Specialized technology, methodology and talent for managing and responding to crises
  • Strategic communication, both external and internal
  • Synergy with the broader cyberthreat prevention ecosystem, which has local, regional and global reach

As a final note, keep in mind that the area of cyberthreats requires us to permanently review our strategies, given that the sector changes with technological advances and user preferences.

José Marangunich is head of the Corporate Security Division at Banco de Crédito del Perú, and President of the Strategic Committee for Security at the Peruvian Banking Association.
