Neira Jones on Regulation, Cooperation, and the Future of Payment Security (Part 2)
Should we be learning from cyber criminals?
After all, they cooperate well and move very fast, something the security industry often fails to do because of the burden of regulation and a lack of cooperation, notes Neira Jones, advisor, author and payment security expert.
In a two-part discussion with Dan Haagman, CEO of Chaleit, Neira Jones highlights key challenges in the payment security field and ways to move forward, including the need for better information sharing and a more holistic approach to security and compliance.
Watch the conversation and read the main takeaways below.
Better communication and knowledge-sharing
Cyber security, information security, and fraud prevention teams rarely collaborate within organisations. These groups could better share tools and threat intelligence to help all parts of the business, as discussed at greater length in the first part of the conversation.
Externally, the financial services industry, in particular, is still very siloed and does not share threat data as well as it could across organisations. CISOs and other security professionals offer advice about point solutions, for example, but are hesitant to discuss strategy, threat intelligence data, and emerging threats and vulnerabilities.
The reluctance to share crucial information hampers collective efforts to combat cyber threats effectively. Initiatives like the CISP (Cyber Security Information Sharing Partnership) in the UK are helping, but more needs to be done.
Sharing threat intelligence should be more common for the betterment of the security ecosystem as a whole.
Communication is crucial, and we don’t do enough of it, not only externally but also internally, to educate people about phishing and security hygiene, Neira believes.
Despite security advancements and the younger generation’s increased tech savvy, people are prone to social engineering and, surprisingly, still need to be told not to click suspicious links.
Companies need a more holistic approach to cyber security, transcending the siloed nature of compliance-driven initiatives.
The inefficiencies of overlapping regulations
Organisations are improving their protection and should be more operationally efficient, but they are spending more money. Again, this is due to a lack of coordination and a limited view of security.
Payment and financial institutions face a wide range of overlapping regulations, all of which include some cyber security and data protection requirements.
However, the teams tasked with compliance (e.g. PSD2, AML, GDPR) generally do not communicate and coordinate well. This often results in duplicated spend on point solutions.
It’s important to view cyber security through a broader lens, encompassing risk management, data protection, and incident response. By adopting a unified strategy, organisations can mitigate the risk of fragmented security measures and optimise resource allocation.
More transparency is imperative
Faced with the reluctance to cooperate and share important data that can help fight threats more efficiently, regulators should step in and require organisations to send reports.
While probably met with reluctance at first, this type of measure would improve the industry’s overall transparency. It would also allow regulators to draw better conclusions and refine regulations to meet real-world needs and scenarios, Neira explains.
Transparency and information sharing are all the more important as payment fraud continues to surge in all its forms. AI is a force for good, but cyber criminals will continue to leverage it as they are more nimble, more prone to cooperation, and less burdened by regulations.
The law is only for the lawful, Neira concludes, urging organisations to improve cooperation and spending so that they can remain efficient and able to keep up with the rapidly evolving threats.