Skip Ribbon Commands
Skip to main content
Sign In

Cyber Transformations: the Conversation Continues

Cyber Transformations: the Conversation Continues
​​​​Last November 19, the last session of Cyber Transformations took place, with a simulation exercise for the regional units of Eastern Europe and Asia. It was the fifth webinar of the series, jointly designed by WSBI-ESBG, the Global Cyber Alliance (GCA), and Thrive with EQ with the purpose of stimulating the internal debate on cybersecurity among the members of WSBI-ESBG, regardless of their size, resources or degree of digitalisation.
 
The origin of this project goes back to a face-to-face training in the WSBI Africa regional group meeting. The original intention of this activity was to show the large display of free resources and guidance offered by the Carnegie Endowment for International Peace (CEIP)’s FinCyber project and GCA’s Cybersecurity Toolkit for Small Businesses.
 
That African session, furthermore, included an addition—a simulation focused on the human side of cybersecurity. This was to be designed by Thrive with EQ, led by the founder Nadja El Fertasi, a former senior executive in NATO's Communication and Information Agency, and a subject-matter expert in emotional intelligence.
 
The emergence of COVID-19 frustrated that conference, but not the essence of the proposal, which, indeed, became even more relevant. The global move to remote working, the accelerated digitalisation undergone by thousands of companies, the unstoppable increase in cyber criminality, and the stress of millions of workers struggling to navigate through personal and professional challenges simultaneously were all solid grounds to go for a more ambitious approach to the Cyber Transformation series.
 
After months of work, Cyber Transformations was finally launched in October as a five-session series of free webinars focused on the corporate cultural transformation required to develop an effective cybersecurity strategy. The two initial ones, on strategy and operations, were open and included an impressive selection of global experts.
 
The session on strategy, held on October 8 and introduced by Mr Chris de Noose (Managing Director, ESBG) and Mr Terry Wilson (Global Partnership Officer, GCA), was addressed to executive roles. The objective was double. First, to reflect on some of the biggest cyber concerns for financial institutions worldwide, namely, authentication (key to secure remote working), email security (email is still the no. 1 vector of all attacks), and the close connections between e-crime and money laundering (a growing problem in a context of increasingly strict regulations). Secondly, to show that transformation is possible but requires strong and continous executive support. ​




​Session Two, on October 20, focused on operations. It offered a transition from basic cybersecurity planning, centered on the key issues of secure email and phishing, to state-of-the-art solutions for critical concerns such as personnel awareness or advanced persistent threats (ATPs). This session also included an overview on the free guidance offered by the multilingual Capacity-building Tool Box (CEIP’s FinCyber project) and the complementary free tools and resources of GCA’s Cybersecurity Toolkit for Small Business.
 



 
The last three sessions, three crisis simulation exercises executed by Thrive with EQ and designed jointly with GCA and the regional units of WSBI-ESBG, were restricted to members of the association. They covered critical concerns for these regions in a unique approach where, by means of an evolving cybersecurity incident and a role-play game, the human and emotional sides of crisis management were tested:
 
  • Latin America: mobile banking
  • Africa: email and mobile banking
  • Eastern Europe & Asia: customer data
 
Interestingly enough, all five sessions—either led by subject-matter experts or by the banking employees participating at the cyber simulations—drew similar conclusions that, eventually, proved the adequateness of the focus chosen:
 
  • Cybersecurity cannot be siloed: even if it is a highly technical activity by definition, its implications and strategies should be organisation-wide and cover all the activities in the financial institution, from compliance to business generation
  • Cybersecurity is everybody’s business: from the top managers to the clerks in the remotest branch, all employees, managers, vendors, clients, and stakeholders should be aware of the most basic cyber hygiene practices
  • Cybersecurity needs leadership to be effective: the deployment of a cybersecurity strategy is a top-down effort that usually involves a full change of corporate culture—it requires authority and leadership (at top executive level) to be fully effective
  • Cybersecurity is a human activity: e-criminals usually resort to ‘the human factor’ to perform their attacks; this is why all cybersecurity strategies should include a focus on analysing and training emotional intelligence and other aspects of human interaction
  • There are lots of resources available: smaller financial institutions are not alone–lots of guidance and free resources are available to assist them in their cybersecurity journey; organisations such as GCA or CEIP can be a perfect first stop to get started.
 
With 174 participants from 32 countries, representing 58 organisations—mostly financial institutions—from a variety of positions and responsibilities, from CEOs to marketing experts, Cyber Transformations had a significant impact.
 
Following the feedback received from many participants, GCA, Thrive with EQ, and WSBI-ESBG are now working to make this impact deeper by means of new, focused sessions that will be arranged globally and locally, virtually and physically, across this new year of 2021.
 
Let’s keep the momentum. Let’s keep the cyber transformation going.


Alejandro Fernández-Cernuda Díaz, Director of Communications and Marketing at Global Cyber Alliance