At the conference Cybersecurity in the financial sector the 21 & 22 September, Lance McGrath, chief security officer in Danske Bank will give a presentation. The presentation is about modern and future security capabilities, and how Danske Bank manages the rapidly evolving threats.
Before the conference, you can read an interesting interview with Lance here.
What is your background and professional experience within cybersecurity? And how do you work with cybersecurity on a daily basis?
I have been working in cybersecurity for 25 years, having consulted with and worked for some of the largest organizations in the world. Currently, I help protect the financial infrastructure of a very significant portion of Nordic society in my role as Chief Security Officer at Danske Bank.
Which challenges do you see as the biggest within cybersecurity in the financial sector right now?
The financial sector has always been amongst the most exposed to cyber threats. And let’s be honest – robbing banks was a “thing” long before the advent of cyber! But while our ongoing march of digitization presents magnificent opportunities to better serve our clients, it also broadens our attack surface, meaning we have exponentially more to protect. At the same time, the criminals and other threat actors are becoming ever-more professional and capable in their approaches, and access to talent in a sector with burgeoning demand is increasingly constrained.
What keeps you awake at night in relation to cybersecurity in the financial sector?
A good security type sleeps with a good pair of sneakers on. But while criminal threats remain a huge factor in anyone’s threat profile (think ransomware and the like), nation states are a growing concern. They have always had the capability, but amongst the invasion of Ukraine and geopolitical conflicts, we see a growing level of government-induced threats in cyber space. As a society, we must expect increasing disruption in our daily digital lives due to a.o. hostile governments, and as organizations we must spend increasing efforts in ensuring our resilience and that of the financial system.
What does the future look like for cybersecurity? Will there be other challenges and opportunities in the future?
Fortunately, the cyber security industry is likewise evolving. Better, quantitative approaches to understanding our risk exposures are being developed and can help the industry apply by-nature limited resources in a prioritized fashion to an almost infinite problem, thereby getting the most bang for our buck. Advanced encryption algorithms are being developed to protect against the threat that will occur if and when quantum computing ever takes off – current algorithms will be rendered obsolete overnight. And of course, machine learning and artificial intelligence holds the if-as-yet-unrealized promise to revolutionize the detection of novel attacks.
How has last year’s crises with the pandemic and war in Europe affected your work in the sector?
In a way, these two events have crystallized in the minds of everyone else the fears that security folk have always had. The human mind is not, as a general rule, wired to understand risk; but once events have materialized, they become easier to understand, talk about and justify protection against. While my time at Danske Bank has always been characterized by a tone of “do what we need to do to be safe”, I find that conversations with stakeholders outside the bank have become less about “is that really necessary” and more about “are we doing enough?” This is a healthy development.
What are you talking about on the conference cybersecurity in the financial sector and what do you hope the participants get out of it?
Sharing is caring, and the reason why we meet and talk about this is that it makes it easier for us to combat cybercriminals if we work together, so I will select the topics, which I think will add value to you. While we’ll take a brief look at what good practice means in security, and we’ll explore what the future looks like, the simple fact is that cyber security is a rapidly evolving and hard-to-predict field.
The only thing we know for sure is that the threat actors are going to continue to do their best to attack us, and we need to play our A-games in order to keep our customers safe. My intent in this conference is not to make non-specialists into experts or to explain to you what your security program needs to look like, but to give inspiration by way of explaining to you what we experience is important and where our future investments need to lie. If you take a single point home for further exploration in your own company, I will consider this time to be time well spent.
Do you want to hear more from Lance about cybersecurity?
At the Cybersecurity in the financial sector conference the 21 & 22 September, Lance will give a presentation about the top 5 capabilities that are needed to manage the current threat landscape. Read more about the conference here and sign up here.