On Thursday, 12 October 2023, the Bank Association of Slovenia hosted a Digital Transformation and Security Challenges roundtable discussion. One of the speakers was our CTO, Grega Prešeren, who was joined by representatives of Slovenian banks, the director of the IT section at the Chamber of Commerce and Industry of Slovenia, and the director of SOC at Telekom Slovenije.
As security testers, we have insight into the cybersecurity challenges that IT security managers face in financial institutions and other industries. This has allowed us to provide an attacker’s perspective and highlight the critical elements in establishing a higher level of cybersecurity. Two of the discussed topics are summarised below.
Banks are already subject to regulation and standards and consequently have to implement measures contributing to a higher level of cybersecurity. Particularly in the post-COVID era, the term “cyber resilience” is increasingly gaining ground. Frameworks such as NIST and CIS can help organisations enforce and control actions and build resilience. Both regulation and these frameworks anticipate security tests; however, only a simulation of a cyber-attack in the form of a Red Teaming exercise will show how resilient your organisation truly is. Based on our experience, a well-designed phishing attack is still a winning ticket for access to the internal network.
Weak passwords and social engineering are still burning issues, not only in the banking sector but also in other industries. Furthermore, banks have found themselves in an incredibly challenging position here, as digitalisation and e-commerce have forced them to play a dual role. Not only do they strive to raise security awareness among their employees, but they are also increasingly educating their customers on how to respond to social engineering attempts. At this point, we touch on the broader area of raising awareness among the general public, from primary school onwards.
Events such as this roundtable offer a different perspective on the subject and give us all starting points for rethinking and discussion.