Here’s a round-up of day one of the two-day Bank Security 2021 conference and exhibition, BSEC21, by RBR in London. Pictured is the first speaker, Andy Giles, chief security product owner at the Nationwide Building Society.
Andy described five trends for the next couple of years: briefly, they are – digital transformation (‘act now’, and include security within product design, was his advice); on ransomware, he warned that the cyber-crime is here to stay and the basics – such as good cyber hygiene and recovery options – still offer the best defence. As numerous well documented cyber attacks have shown, your suppliers can be your weakness. That led Andy on to ZT (zero trust).
But underpinning everything, he added, are skills – or rather, the difficulty in finding them; a common refrain in the sector. He suggested that for internal growth you shop around for skills. If you don’t plan for tomorrow, and if you have a short-term mindset about skillsets, ‘we will fail to build skilled teams,’ he warned. He urged the audience to contribute to collaborations, to drive the best possible collective intelligence about cyber threats, to keep the financial services sector, society, ‘and frankly, UK plc’ safe in the years to come. Further to that point, in reply to a question from the floor, Andy said that while some may see cyber as a competitive advantage, he feels that doing cyber is a collaborative effort.
Speaking next was Jason Maude, chief technology advocate at Starling Bank, an entirely app-based and online, branchless, bank. He has a software engineering background and took as his subject for his talk the often assumed conflict between security, and speed of delivery of products and services. He recalled the famous quote of Facebook founder Mark Zuckerberg, ‘move fast and break things’ – not something that banks necessarily want to do, as they look to keep customers’ money safe.
While engineering principles worked for physical building of a bridge, for instance, Jason explained why it has proved not so for software. Hence his argument for zero trust – not as a buzzword, but as a software-architectural and cultural policy, across your systems, ‘to perform the mistrust that you need’.
Arguably the most thought-provoking talk of the day was by Paul Maskall of the Dedicated Card and Payment Crime Unit (DCPCU); that’s funded by the banking and finance industry and is made up of officers from the City of London and Metropolitan Police forces, and the trade association UK Finance. He ranged over the human sciences and emotions; and how humans can have an arbitrary response to risk. That has implications for how such crimes as cyber and fraud are treated by the media in the news, and regarded by the public, both in terms of importance and what to do about the risks.
Ilia Kolochenko, CEO & Chief Architect and founder of ImmuniWeb, and Mauricio Tucci, ATM Logical Security Executive Manager, TecBan, were among remote speakers; from Switzerland and Brazil respectively.
A return speaker – but returning for the final time, before he retires – was West Midlands ROCU (regional organised crime unit) detective Adrian Roberts, who gave an update on physical crime – thefts of and from cashpoint (ATM) machines. He gave detailed examples of such thefts, typically at night against ATMs whether at petrol stations, supermarkets and other retailers or rail stations, and warned that those crimes were coming back, after they fell sharply during the pandemic. He spoke interestingly of how and why crimes against ATMs may have dropped during coronavirus.
Day two
While today’s speakers are largely from overseas, UK-based speakers are Tom Chothia, Reader in Cyber Security, University of Birmingham; Dan Sutin, Senior Director and Head of Europe and Asia Pacific Distribution Alternate Solutions Group, CIBC; Rogelio Aguilar, Deputy Head of Global Data Protection Operations, BNP Paribas; and Anthony Gibbons, DevOps Lead, Virgin Money. For the agenda, visit https://www.rbrlondon.com/conferences/bsec/agenda/. The event is co-located with a sister event on ‘branch transformation’. While the event may have come in the nick of time to attract visitors from abroad, UK attenders came from such high street names as Barclays, HSBC and the Post Office, besides the Nationwide.
In 2022, the events are due to split as pre-covid; Bank Sec 2022 is due to run in London on October 4 and 5.
