Speed is the new paradigm in security

Channel Post speaks with Sunil Gupta, president and COO at Paladion, regarding the state of cyber security in the financial sector. Paladion is a specialized cyber security company offering end-to-end information security services & solutions. According to Gupta, speed is the new paradigm in security and since getting breached is inevitable, the focus needs to be on being prepared and reacting fast.

Sunil Gupta, president and COO at PaladionThere has been an increase in cyber-attacks in the Middle East. What is the state of cyber threats in the banking industry here?
Last year there was a significant increase in cyber-attacks and the banking industry is usually among the most affected segments of economy. Re-emergence of Shamoon was one of the biggest setbacks and was followed by the appearance of new variants of ransomware around the region. When talking about threats and attacks, we do not expect 2017 to be any different; in fact it can be worse. This rapid increase stems from the fact that in the past few years most banks have not done anything differently when it comes to secure practices. However, the situation is changing now and some of our clients in the region have already adopted our new automated platform.

What are the chief challenges faced by the banking sector when talking about secure practices?
While banks in this region have a very advanced digital strategy in place, the state of the corresponding security plan is not as developed as their digital strategy and this poses a big challenge.

Although, most banks in the region have heavily invested in the latest technologies and also have round the clock monitoring solutions in place. A large number of threat incidences are flagged off every day but most of them may not require immediate attention or action, whereas some may need immediate action, since the detection and response processes are manual, hence there is a delay in responding to these incidences which can lead to a breach in the system and cause an attack.

Further to this finding, shortage of required skill sets is also a huge challenge in the region. It is also observed that in several instances even when banks are able to identify the vulnerabilities, they are not able to implement the required safeguards in a timely fashion because of various reasons and chiefly being either for budget constraints or delayed management approvals.

The only silver lining here is that while this had paved way for persistent attacks from cyber criminals in the past, it is now slowly opening up the doors of board room for CIOs or CISOs in the financial world to convince the management for the adoption of advanced security solutions to negate or minimize the impact of cyber-attacks on their respective organisations.

How does Paladion enable customers to address these challenges?
We have built a first of its kind technology platform, RisqVU which ensures that all end-to-end processes, like active discovery, response and remediation are automated. This platform works to collects logs from multiple sources, prioritises the threats and enables the customer with automatic response.

The RisqVU platform is totally technology agnostic and allows it to work seamlessly with any of the leading security product, solution or technology, which enables our customers to enjoy maximum benefits at the lowest cost and can still take care of all the challenges.

Banking in the GCC has evolved rapidly in recent years providing their customers with the means to digitally organise their financial lives. Has this made the banks here more prone to cyber-attacks?
Absolutely, while on one hand the digital revolution provides banks with the opportunity to provide a better banking experience to its customers. On the flip side, it is also interconnecting all these users by default and this interconnectivity provides the attacker a chance to penetrate from one point while making other users vulnerable to possible attacks, which is why it is of the paramount importance that every bank has a digital roadmap for counter security strategy well in place.

How prepared are the banks in this region for the constantly evolving threat landscape?
There already exists a certain level of awareness in the regional banking industry and this makes the banks quite prepared against most known threats but lack on defending itself against unknown threats. In an era of advanced and targeted attacks in the region getting breached is inevitable. Hence, banks need to be equipped to detect a potential threat and attend to it in a timely fashion.

Considering the ever evolving threat landscape, I view implementation of security as a continued journey and banks need to adopt the latest solutions and services in the market to stay ahead of the curve and our automated solution, like RisqVU, provides the next logical step in this journey.

Are the banking institutions here ready to reveal perceived or actual security weaknesses to competitors?
Most banks have been attacked at one time or another. But when it comes to sharing details of an actual or perceived breach, banks are hesitant in sharing information as most feel that the risks of sharing outweigh the benefits. The reasons why banks are hesitant is fear of losing clients, tarnishing the brand image and overall business loss.

In other regions, CIOs do create social groups to share information informally so that they can keep abreast of the threats and take preventive measures when they can. However, active sharing of such information is not a common practice in the Middle East region at present.