Financial institutions must consider personnel, physical security and technical security when safeguarding their data and operations against cybercrimes.
“You must look at all three as a combined piece, especially if you think about that personnel piece in a hybrid environment,” Sue Gordon, former Principal Deputy Director of National Intelligence, said at the recent CBA Live event in Las Vegas. “How are you making sure that [hybrid or remote employees] are part of the team, that they’re not disenfranchised, that they’re included in the mission and that they feel passionate?”
Companies also cannot solely rely on technology to protect the business, Gordon said. “We never make technology do all the work,” she said. “Get the workforce involved. Create a culture where security is part of [the] mission.”
The financial industry is focused on building a system based on trust, a crucial step in protecting against cyber assaults, Gordon said. “Totalitarian regimes don’t have the same concerns that we do about systems that don’t have integrity,” she said. “It’s free and open societies that count on the integrity of your systems to be free and open. There is no one more important to me than [industry personnel] being trustworthy.”
Organizations must also limit employee access, Gordon said. “That’s hard when you’re fighting for talent … but you have something big at stake here,” she said. “The [Federal Communications Commission] is now putting burdens on public companies to assure that they are properly addressing cybercrimes.”
Companies should have exercises in place to determine where they are at risk related to cybersecurity, such as practicing what to do during a ransomware attack, Gordon said. “The only thing you can do is to understand the risks to your organization, and then figure out a path to risk management,” she said.
Auto Finance Summit East, Auto Finance News’ new spring event, is set for May 10-12 at the JW Marriott Nashville featuring a fireside chat with Peter Muriungi, CEO of Chase Auto. Visit autofinance.live.