Speaking on the morning’s plenary panel, Jean-François Legault, global head of cyber security operations at J.P. Morgan, noted that the threat landscape has changed. Malware is targeting wholesale platforms, and criminals are going after higher-value payments, where there is more yield on the crime, he said.
Legault suggested that his focus is on helping the business to innovate and approach risks in a different way. The analysts, who are usually focused on technology and security controls, must also understand the payments space, and communicate with those who work in it.
The future in terms of cyber security, he said, is to bring those resources together to create an environment of controls that will “address the risk holistically”.
This is “an evolution”, as the industry moves towards “better communication” and “integration in the business”.
Another panellist, Baroness Denise Kingsmill, chair of the board at start-up bank Monzo, added that this is the kind of culture that can be built in to such start-ups.
Monzo’s business and cyber security teams are within “shouting distance of each other”, she said, adding that that bank is very “fleet-of-foot” in that respect.
SWIFT CEO Gottfried Leibbrandt suggested that many cyber security challenges arise because “everything is connected to everything”. Cyber criminals exploit the ecosystem, looking for weak points in the whole chain, he said, and so the response should be for the entire ecosystem to work together.
The industry should present an in-depth response with “multiple lines of defence”, accepting that sooner or later a breach will occur, and having processes in place to identify and stop malware when it does.
This does not only involve fixing the weakest link, Leibbrandt said, but taking a full end-to-end view.