Oliver Blower, Voxsmart’s CEO, caused more than a few people to sit up and take notice at the conference on global business expansion in London last month. Oliver was speaking during a session on securing financial services and told the audience:
“There’s more, and tighter, protection applied to a $5 burger sale in virtually any McDonald’s outlet than there is to some multi-million deals on trading floors.”
Having captured the audience’s attention, Oliver outlined just what he meant, explaining that McDonald’s have video cameras monitoring staff at tills and also capture and record till keystrokes that can be matched to the images.
“Any till that consistently underperforms can be monitored and double-checked – in real time if necessary – to see what is happening and how the cash is leaking. Staff making mistakes or committing a crime can be shown the evidence and then be trained or dismissed as appropriate,” he explained.
“Meanwhile, on some trading floors across the world, all a trader has to do to commit an undetected fraud of potentially millions of dollars is pick up their mobile phone and make a call,” said Blower as he praised the role of the European regulators looking to tighten, via MiFID II, the regulations governing financial trading.
Joining Oliver on the panel, some of the experts in cyber-crime and security argued that technology had to provide the answers quickly because regulation was too slow-moving to be an effective protection.
“Talking about regulation for security is an oxymoron,” said Simeon Coney, CSO of Adaptive Mobile. “Regulation moves too slowly and criminals move too quickly for that to be the solution.”
Oliver sympathised with the view but also stressed the role regulation had to play in securing services.
“First – it can insist on minimum standards,” he said. “For example, regulation can enforce, and then technology can enable, that all a trader’s mobile calls and messages are automatically monitored, recorded and available for analysis.
“Second, it can be used to determine and set liability. If the regulation states clearly that MDs will be responsible for the indiscretions and misdemeanours of their staff, that will serve to concentrate the mind when it comes to investing in the right levels of security to protect shareholder and customer interests,” Blower explained.
“And lastly,” he added, “it serves as a massive deterrent to the fraudsters, because of the increased risk of being detected, and that as a result helps to manage risk for the organisations concerned.”
The panellists agreed that removing the ‘easy play’ was a strong first step, and Raimund Genes, CTO at Trend Micro, emphasised that high-level security included a concentration on watching out for the new attacks, the unknown threats. “We shouldn’t have to worry about things that shouldn’t happen – things that regulation and minimum standards can help prevent,” he said.
Meanwhile, Daniel Kornitzer, CPO of payments company PaySafe, stressed that banks and other financial services providers needed to understand the nature of the threats and risks that they face. “Unless you understand the threat to the transactions, you can’t apply the protection,” said Daniel.
Oliver agreed but also talked about striking “the right balance between instant delivery and high-end security – those two goals are not always compatible.”
As the thought-provoking session drew to a close, Oliver left the audience with one final message to chew over. “Banks need to realise that they no longer manage money,” he said, “that’s not really their business today. Banks manage data.
“That means banks need expertise in managing and securing all types of data – from the keystrokes their staff make on the laptops, to the conversations they have on their phones,” he concluded.