Fostering the culture of security in technology organisations and business lines

The financial sector is a critical infrastructure sector, alongside communications, food, agriculture and healthcare. As such, the importance of protecting the sector from cyber risks is immense. We often don’t fully appreciate the value of critical infrastructure until it’s unavailable. For most critical infrastructure sectors, this means the focus needs to be on restoring their services in the event of an outage. However, for the financial services sector - one of the industries most targeted by cyber criminals - the situation is even more complex.

Elena Kvochko, cybersecurity and technology executive who built her current career in the financial services industry believes the emphasis within many industries that is usually made around access and connectivity of systems should be shifted to security. Answering our questions about her journey in cybersecurity, Elena told us more about her own path.

“I started my career in telecommunications technology and its implementation, working to make the world more connected and open. At the time, I was working on large-scale telecom infrastructure projects in emerging economies at the World Bank Group. I saw a great amount of focus and investments in bringing connectivity and new electronic services to previously offline communities. While those efforts brought about new opportunities to millions of people, I hadn’t seen a similar focus on making these new services secure. It was this realisation prompted my stronger focus on cyber security.

I worked at the World Economic Forum where my role was to build better cyber security partnerships and create new ways of addressing global issues that no one company could solve alone, such as assessing the scale and the impact of cyber attacks. I was an Affiliate Fellow at Harvard Law School, Berkman Klein Center for Internet and Society that focuses on the study of cyberspace and Internet-related legal issues. I then moved to the financial services industry as I joined Barclays as the Head of Global Information Security Strategy and Implementation and then became CIO of the security function at Barclays, where I worked on implementing next generation security models and controls. With my colleagues, we developed a new model of implementing cyber security that we called

“holistic security” and worked on supporting next-generation security companies solving complex problems through projects, such as Barclays and Techstars Accelerator. I was excited to deepen my knowledge of the financial services industry and continued my career in the industry.”

“Every business today is a technology business.” Organisations today need to keep up with technological trends if they want to stay relevant. Elena says: “We all welcome continuous innovation; Not only because it makes our lives better, but because as users, we are inclined to trust the technology we rely on every day. But just like in the physical world, no system or solution can be absolutely secure. Unlike the binary components of computer code, cyber security is not black or white, right or wrong; it is a spectrum of colours that depends on the assets you are protecting, the controls you are building and the threats you need to consider.”

Indeed, in the financial services industry, the stakes are high. According to Gartner, advanced analytics, chatbots, virtual personal assistants, artificial intelligence, intelligent automation services and robotic automation processes are increasingly integral to how financial services firms support more effective customer service models, and potentially reduce operational costs:

“If we are not careful, we risk having the benefits that emerging technologies bring diminish as potentially insecure products, projects and infrastructure make us vulnerable to attacks.”

Elena cites data that has shown that most security breaches happened due to negligence or through known vulnerabilities, and therefore are preventable by focusing and assessing all aspects, namely people, process and technology. And this is what security professionals help enable.

Although we are moving from security awareness into implementation, there is still a lot of room for improvement. There are many opportunities cyber leaders can explore to conduct business securely and deliver on their promises to customers, while still innovating fast. And Elena is very clear:

“Security is not optional; and should never be an afterthought.”

There are many critical steps to take to defend, detect, react and have a holistic perspective of assets. 50 years down the line, Elena hopes “people will be working together to design technology with multiple perspectives in mind, in which solutions will be both technical and behavioural.”

So, who will these cyber leaders of tomorrow be? “Fast changing industries like technology and cyber security attract dreamers, people who want to make an impact, innovate and contribute. We will still be facing social challenges, but their resolutions should be aided by implementing ethical and sustainable solutions”, as well as creating a culture in which cyber security is directly embedded.