The Scotiabank Women Initiative® presented a special Cybersecurity Panel as part of the annual Global Banking and Markets Technology, Media & Telecommunications Conference. Expert panelists discussed timely cybersecurity issues, ranging from risks posed by ransomware to hybrid work to the persistent labour shortage of cybersecurity professionals.
Mitigating risk, ensuring business continuity
During the discussion, Louise Dandonneau, Scotiabank’s Vice President of Cybersecurity Services – whose team works to defend the Bank and its clients from cybersecurity threats – posed challenging questions to fellow panelists, Carey Frey, CSO & VP of Telus; Sami Khoury, Head of the Canadian Centre for Cyber Security (CCCS); and Stanley Sims, CSO & SVP at CGI.
In particular, the group discussed the mounting ransomware threat, by which ‘bad actors’, often organized crime or foreign-based parties, use malicious software to encrypt and lock an organization’s systems and hold its data for ransom payment. With CCCS identifying ransomware as Canada’s number one threat in 2023 and beyond, the panel agreed that companies require ‘people, processes and technology,’ in combination, to protect themselves, since simply buying a security product is not enough.
Panelists also noted that, in addition to running a vulnerability management program to identify and mitigate system risks, businesses must prepare for the impact of an attack when safeguards fail. This requires an in-depth incident management program, to help prioritize which critical systems to recover first, and business continuity plans that help keep the business going and communicate effectively with stakeholders, and that are tested and updated regularly.
The group deliberated on the current reality of hybrid workforces, and the potential cybersecurity risks created when employee populations work remotely and connect online to the office. Observing that hybrid work ramped up with the start of the pandemic, the panelists agreed that there remains much work for employers to do, as they are increasingly seeing employees work off-site and carry around their various devices. Companies must clearly explain the new threats and how criminals are poised to trick employees to gain network access. In this case, ‘people’ are the most important side of the people, process and technology pyramid of cybersecurity.
Noting how she herself sometimes works from her kitchen table, Scotiabank’s Dandonneau explained that, “We all collectively have to work together to improve organizational security, starting with companies training their employees on current and emerging risks and reinforcing safe work practices.”
More professionals, more defences – and it’s up to all of us
Workforce engagement also figured prominently as the panel conversed on the global shortage of skilled cybersecurity professionals needed to help companies build their defences. To remedy the labour gap, each organization described how they are actively recruiting new tech talent, including encouraging STEM (Science, Technology, Engineering and Math) studies among youth to grow their future hiring pipelines. Many organizations are also actively ‘cross-training’ their current IT employees, through development opportunities and work rotation programs, to convert more IT practitioners into cyber professionals.
“Our position is ‘if you are interested in cybersecurity, we are always hiring and we will gladly train you,’” added Dandonneau.
The big picture message from the panel was all about creating strong organizational cultures to prepare for cyber threats. In addition to really involving employees (“Everyone plays a part in cybersecurity”), these experts urged organizations to build ‘security and privacy by design,’ not as an afterthought. That means baking security into a new product upfront, rather than bolting it onto a system later.
This advice no doubt resonated with the audience, who were warned that increasingly unscrupulous cyber criminals will target all of us, from businesses large and small, to hospitals and schools, or even individuals. Summed up Scotiabank’s Dandonneau: “As business embraces new technology, digitalization, and new ways of interacting with customers and partners, the risks are growing. But there’s so much we can do, each day, year-round, to re-set our thinking and grow our cybersecurity resilience.”
Following the panel session, Louise Dandonneau was joined by Steve Sparkes, Scotiabank’s CISO & SVP, Information Security & Control, for a roundtable discussion for CTOs and C-Suite clients. The roundtable delved into the topics covered during the panel and created a forum for a more in-depth discussion of cybersecurity issues. It was interesting to hear firsthand some of the incidents clients are experiencing in their respective businesses. A key takeaway from the roundtable was to ensure that you’re working as an industry against bad actors. The financial services industry takes this coordinated approach, and it helps the overall industry as threats arise and are dealt with for the benefit of all.
® Registered trademark of The Bank of Nova Scotia, used under license.
Participation in The Scotiabank Women Initiative or any program-related event does not constitute advice or an offer or commitment by Scotiabank to provide any financial products or services.