Subscribe

Banks must assess IT security spend

Regina Pazvakavambwa
By Regina Pazvakavambwa, ITWeb portals journalist.
Johannesburg, 02 Nov 2016
Banks need to think about how they can work with their counterparts and even competitors to redesign and architect their systems, says BankservAfrica's Chris Hamilton.
Banks need to think about how they can work with their counterparts and even competitors to redesign and architect their systems, says BankservAfrica's Chris Hamilton.

Financial institutions need to assess the effectiveness of their IT security spend and see if it is being well spent.

So said Chris Hamilton, CEO of BankservAfrica, speaking at the ITWeb Security in Finance 2016 event in Johannesburg yesterday.

Hamilton said companies - especially banks - need to focus on how much they are spending on IT security, not just for fixing actual breaches but also for doing preventative work.

According to Cybersecurity Ventures, the worldwide spending on cyber security is predicted to top $1 trillion for the five-year period from 2017 to 2021, he noted.

Hamilton pointed out that the financial services sector is spending a significantly larger proportion of its IT budget on security than other industries.

"This is where the money is from the perspective of the criminal and of course finance is going to have IT security challenge."

Hamilton explained that investments in security focus on increasingly complex solutions, frameworks and technologies but the root causes of security breaches are frequently attributed to basic control failures.

Because of this banks need to prioritise on where to spend IT security money to get the best result, he continued.

Financial institutions need to take the time to think about what the real problem is regarding the security of their systems, rather than just solve the immediate problem in front of them, said Hamilton.

He believes organisations' responses to IT security challenges are sometimes worse than the problems themselves.

Banks need to consider their role in the context of the entire ecosystem and allow these considerations to influence their cyber security strategy and controls selection, Hamilton elaborated.

"They can spend a lot of money on security controls and still not have the best impact that they could possibly have. They need to think about how well trained on security issues the people who have the ability to affect the network are."

They need to think also about the human element - educating the employees and their customers on security, said Hamilton.

Also, banks need to think about how they can collaborate: that is to work with their counterparts and even competitors to redesign and architect their systems, he concluded.

Share