FinCyber Today

Lindsey Bateman: Keep Your Eyes on the Horizon for Emerging Threats – and New Solutions

FS-ISAC Episode 20

A financial services CISO’s job is to secure the organization of today and tomorrow. Lindsey Bateman, Chief Information Security Officer at M&G plc, a UK Savings and Investments company, recommends instituting a Security by Default culture to reduce the risks and increase the resilience of financial services institutions today, while keeping an eye on the horizon for emerging threats – and quantum computing is at the top of the list.

Episode Notes

Future Risks: Quantum Computing 

The progress of quantum computing development is unclear, but CISOs need to think about the process of changing the cryptography in their organizations, transforming their algorithms, the standards they’ll adopt, and the impact on the business. 

Generative AI Expands Your Attack Surface 

GenAI is a “juggernaut” embedded in devices across enterprises. CISOs have to make it safe because they can’t stop GenAI usage. A security by design culture helps curb the threats inherent in the adoption of all AI models – such as data modeling – but CISOs need to be involved with AI deployment in business lines to identify threats to models, determine vulnerabilities, and insert the correct mitigations. Still, accurate data is clean, explainable, monitored data, and it presents an opportunity to incorporate or reinforce security by design in data governance.

Phishing and Deepfakes

Threat actors use AI to create more sophisticated social engineering and information operations. Train employees on the behavioral cues that indicate frauds like phishing and deepfakes. Real-world exercises are effective, as is reinforcing official business communication channels (e.g., WhatsApp is not meant for work).

Identity and Trust 

Customers’ trust is the bedrock of the financial system, and identity security increases their confidence, but fraud detection disrupts the user experience. Solutions will take collective action, standardized approaches, and tools that enhance identity security in easy interfaces.

The CISO Role is Changing 

What was a very technical position has become a high-profile role in executive leadership. To succeed, CISOs must speak business language and use the right risk frameworks. For those aiming for the role, breadth is more important than depth in technical understanding, it helps to be a people person, and it’s good to think carefully about what you want to do – then go for it.