Expert Speak
The Power of Public-Private Partnerships
Written by Jim Richberg, Head of Cyber Policy and Global Field CISO, Fortinet
Cybersecurity is a Team Sport. Today’s technology environment is vastly different from when I retired from federal service. We have seen accelerated movement to the cloud and a shift from largely wired networks to software-defined networks. We’ve also witnessed a proliferation of Internet-of-Things (IoT) devices and dramatic growth in the breadth and power of AI-enabled services.
Layer onto these technological changes the COVID-fueled imperative to enable remote work and off-site connectivity, and the result is that IT and communications are now laser-focused on enabling the connection of users, devices, data, and computing power regardless of where these are located and how they are provided.
Meeting these demands securely is more than any single user, company, or government agency can realistically expect to do alone. At its core, cybersecurity is a team sport. Any good coach tells their team to “talk to each other out there on the field.” Cybersecurity is no different. Cybercriminals talk to each other, actively partnering to bring their specific skills to a criminal enterprise. To keep up, industry and governments must work together to share cyberthreat intelligence and have interoperable cybersecurity tools and sensors. This partnership needs to be multidimensional and multidirectional with collaboration and a two-way flow of information between the public and private sectors and within each sector.
Transparency and Trust
With so much of our lives dependent on or enabled by technology, it is important to be able to trust networks and have confidence in the security of the data flowing across them. Creating a culture of trust and greater transparency is crucial for organizations to make complex cybersecurity decisions and help users make more informed purchases. Consumers need better visibility into key criteria of the technology they use, including where it was developed or manufactured, the manufacturer, and the security posture of the technology.
This focus on trust was evident at the macro communications network level with the ban on certain companies that were deemed a national security threat. As digital technology becomes more ubiquitous, we should be asking the same questions about other aspects of our broader communications networks. Is the router in my home secure? Is my television listening to my family dinner conversations? Consumers need to be able to trust the technology they are using to increase the resiliency of our nation’s cyber posture. Increased transparency will help fuel this trust.
Transparency and trust can be addressed through market forces. For example, although the number of IoT devices in use is growing dramatically, many of these devices lack even rudimentary security capabilities. It can be difficult for even sophisticated consumers to determine which devices have adequate security.
The Human Element
Partnerships should extend to supporting consumers as well. It is not realistic to expect consumers to successfully “go it alone” in understanding cybersecurity. The person using their home computer, the small business owner buying a Wi-Fi access point, and the school administrator purchasing equipment for students all need support.
Addressing the human element is part of our cybersecurity mission. We are working to help build the cyber workforce of the future and ensure that all members of society have cyber awareness and fundamental competence in cybersecurity. We have dramatically expanded our award-winning free training on cyber threats and good cybersecurity practices because educating users at every level is critical to our collective security.
To succeed, efforts with users must begin at a young age and involve partnerships across government, industry, and academia. Fortinet has made significant commitments to this cause through the Fortinet Training Institute. For example, we have committed to training over 1 million new users by 2026 to help close the sizeable cyber skills gap; and we are on track, having achieved over 43% of this goal by the end of 2023.
Cyber Security
The Human Factor: Why Cybersecurity is as Much About People as Technology
Global Entrepreneur Roman Ziemian explores why organisations must prioritise human awareness and culture to build a truly secure future. (more…)
Cyber Security
How Public-Private Collaborations Contribute to Cybercrime Disruption
Written by Derek Manky, Chief Security Strategist & Global VP Threat Intelligence | Board Advisor | Threat Alliances at FortiGuard Labs (more…)
Expert Speak
Combating Advanced Cyber Threats in the Middle East’s Financial Industry
The Middle East’s financial sector is increasingly a target for sophisticated cyberattacks, driven by numerous factors. Mobile financial services, online transactions, and emerging technologies like AI and cloud computing have expanded potential attack surfaces. As a result, according to the World Economic Forum’s Global Risks Report, cybersecurity ranks among the top five global threats over the next two years, with banking systems as key targets.
For cybersecurity professionals working within the sector, the pressure doesn’t end there. New data protection laws, such as the three new policies being developed by the UAE Cybersecurity Council on “cloud computing and data security”, “Internet of Things security”, and “cybersecurity operations centres” demand that financial institutions rigorously protect customer data. However, the increasing sophistication of attacks, driven by AI, often outpaces the requirements of such regulations, let alone the time taken for them to come into force.
All this creates significant pressure on financial institutions to establish a best practice that enables them to secure their operations, reduce vulnerabilities and maintain consumer trust.
The Role of Regulations in Cybersecurity
Regulations heavily influence the financial sector’s cybersecurity strategies, often focusing on risk management. However, while threats evolve quickly, regulations tend to lag and take time to develop.
Traditional corporate security teams can no longer prevent breaches as swiftly as attackers compromise systems, and monitoring tools have limited ability to stop a threat. That’s because the time it takes for attackers to compromise and exfiltrate data is now quicker than the time it takes for an organisation to remediate, which is typically 4-6 days.
With the average data breach now costing around $4.45 million, financial institutions need a proactive cybersecurity strategy, not one that is reactive to regulation alone, including investment in advanced technologies to quickly detect and neutralise threats.
Financial institutions should only view regulatory requirements as a foundational baseline, rather than a comprehensive basis for defence. Within the financial sector, more than any other, proactive, threat-based strategies are essential.
AI: Both a Threat and a Solution
AI is reshaping business functions in financial services, enhancing the customer experience and operational efficiency, but it also introduces new security risks. Today, attackers are using AI for reconnaissance, social engineering, malicious code development and more. These tactics accelerate attacks, making them harder to combat with traditional cybersecurity measures.
Even within the security department, it has become a double-edged sword, aiding both cyber criminals and defenders. While many organisations adopt AI to improve operations, the technology also expands attack surfaces, allowing cybercriminals to automate and scale attacks.
By consolidating security products and shifting to a platform approach, AI-driven cybersecurity solutions can be best utilised to help institutions detect and respond to threats in real-time, protect data and be more agile in response to incoming regulation.
Communicating Cybersecurity Needs
To put the right solutions in place, security teams first need trust and investment and that means taking the cyber challenge to the board. C-level leaders in the financial sector often underestimate their cyber-resilience so effective communication from CISOs and CTOs about cybersecurity risks and investment needs is essential.
Maintaining trust is critical for any business that holds sensitive, personal or critical data. Where financial services institutions rely on reputation, any investment in cyber is a good investment. It means a reduction in risk from cyber attacks, which do carry financial implications, in addition to the fact that an effective security posture carries the potential for funds to be released from a business’s cyber insurance policy.
In the digital financial landscape, robust cybersecurity measures safeguard reputation, customer trust, and operational continuity. As digital transformation continues at pace, banks and other financial entities must embed security into every aspect of their operations – turning investments in AI and cybersecurity innovations into competitive advantages.
-
News1 week ago
CyberKnight Appoints Regional Sales Director for the Gulf Region
-
Cyber Security1 week ago
The Human Factor: Why Cybersecurity is as Much About People as Technology
-
Cyber Security6 days ago
One-Third of UAE Children Play Age-Inappropriate Computer Games
-
Intersec2 days ago
Enhancing Global Security: How Motorola Solutions is Meeting Modern Safety Challenges
-
Cyber Security2 days ago
Group-IB Joins Cybercrime Atlas at WEF to Combat Global Cybercrime
-
Intersec3 days ago
Milestone Systems Outpaces Global VMS Market
-
Intersec5 days ago
Video Interview: Exploring the Future of Data
-
Cyber Security3 days ago
ESET Research Discovers UEFI Secure Boot Bypass Vulnerability