In this special live recorded webinar presented by The Fintech Times, we explore why fintechs need a Zero Trust approach, with panellists from Royal Park Partners, KPMG and BeyondTrust.
With more cyberattacks reported in 2020 than ever before, it’s no surprise that many “Fintechs” are moving towards a Zero Trust security framework. After all, financial organisations have a lot to lose, well, financially.
Despite knowing that cyberattacks (and ransomware) are off the charts in recent months, many financial organisations are still leaving large parts of their IT security to trust, without the means to monitor or manage privileged access.
In this webinar, The Fintech Times and a prestigious panel of cybersecurity experts explore how Zero Trust directly impacts financial services, and how a shift to working from home during the pandemic has highlighted a desperate need for Zero Trust within this sector.
The webinar is hosted by Richie Santosdiaz, Economic Development Advisor for The Fintech Times, with panellists Morey Haber, Chief Technology Officer & Chief Information Security Officer at BeyondTrust; John Clark, Senior Director and Head of US at Royal Park Partners; and Deepak Mathur, Managing Director, KPMG.
Our experts also discuss the critical role that Privileged Access Management (PAM) can have in the financial industry, why these organisations are a target, and 3 key tips:
1. How & when to engage in Zero Trust.
2. How to mitigate risks successfully using Zero Trust strategies.
3. How to upgrade from legacy applications and architectures to ones that support.
The session kicked off with Richie asking the panel what Zero Trust is and how it pertains to financial services.
Morey started by saying: “In a nutshell, Zero Trust is not a product, it is a solution or an architecture. It is a methodology to provide authentication using policies and administration for real-time behavioural analysis, regardless of where the connectivity originates or where it is resolved. Essentially you’re not depending on network controls, access control lists or the perimeter for your primary security functions. The ability to connect to any resource anywhere is independent, but the whole model suggests that anything that is authenticated does follow a dynamic policy and anything that is being performed is analysed to determine if the behaviour is correct. Once you get those fundamentals in play then you have to think of what solutions can fit there, what architectures can be used and, most importantly what architectures will not adapt to Zero Trust.”
John added: “I equate it to a brick and mortar bank. You’re a consumer who walks in and wants to access the vault. Well, guess what? You can’t just walk in and go into the vault. You have to be an employee, you have to have the proper access codes – so it’s a very similar functionality of what banks have today on the Zero Trust side as well as fintechs. As Morey said, there are a variety of permissions that need to be put in place in order for people to get into the security system. At the end of the day, you don’t trust anybody inside or outside your perimeters.”
Richie went on to ask the panel why Zero Trust is needed now more than ever.
John said: “Our information is becoming more and more accessible to fintechs. Banks have our information readily accessible and it’s becoming more and more evident that cyber-attacks are on the rise. These fraudsters are leveraging very sophisticated, and non-sophisticated, solutions to break into organisations. Criminal networks are organised, and we need to make sure that the tools that are being used in banks are simple enough that these hackers aren’t accessing that information. It could be as simple as putting in a governance policy to ensure that there is two-factor authentication or cloud devices are being monitored correctly – there’s a variety of tools at their disposal.”
Deepak agreed with John and added: “It’s the first question we get asked all the time: Why Zero Trust now? The world around us is changing pretty constantly. We’ve been seeing this digital transformation trend over the past 5-6 years, especially in the financial sector, and I think that brought a lot of new threat factors as well as solutions that require a Zero Trust model.
“I’m sure all of us remember the “bring your own device” programmes that were hit and miss back in the day. A lot of organisations tried BYOD programmes, but now again after we saw what happened during Covid and the push for the “work from anywhere” model, I think BYOD is getting more popular again and Zero Trust can help.
“Last but not least, the ransomware incidents globally everybody is at a consensus now that you need to re-look at your security architecture. The opportunity now is really significant for security professionals and leaders to really look at it from an enterprise perspective and solve enterprise architecture through Zero Trust.”
After taking questions from the audience, the webinar closed with Morey leaving the audience a “little bit of a reminder.”
He said: “A lot of the concepts we have spoken about today are things around Zero Trust, and if you’re looking for vendors, don’t start with the vendor. This is critical with Zero Trust. Understand your problem, understand where you’re going and then look for the vendors to find the solution. Start with what you’re trying to improve and look for the vendor afterwards, not the other way around.”