In a comprehensive exploration of the dynamic cybersecurity terrain, Abul Kalam Azad, Head of Information Security at Eastern Bank, shares invaluable insights in an interview with Augustin Kurian, Editor-in-Chief of The Cyber Express.
With over two decades of expertise in IT audit, risk management, and cybersecurity, Azad illuminates the cybersecurity challenges, trends, and transformative potential in today’s times, particularly within the financial sector.
From the escalating threats of ransomware attacks to the pivotal role of Artificial Intelligence (AI) and the imperative of compliance and risk management, Azad’s discourse uncovers the complex array of cybersecurity challenges and strategies molding today’s landscape.
Azad began by highlighting the vulnerability of the financial sector to cyber-attacks, noting that attackers often target these institutions for financial gain. He pointed out that in recent years, there has been a significant increase in attempts to hack customer accounts and manipulate financial transactions.
He discussed a troubling trend: the surge in ransomware attacks. These attacks not only aim to extort money but also disrupt services by rendering systems inoperable.
Another critical issue Azad touched upon was the breach of customer data. He noted that several large organizations had faced severe consequences, including bankruptcy, due to the loss of customer data.
The conversation then shifted to the role of artificial intelligence (AI) in tackling cybersecurity challenges. Azad expressed optimism about the integration of AI in cybersecurity tools, noting that AI-enhanced systems offer more accurate and timely detection of threats.
He emphasized that traditional security tools are often inadequate in detecting sophisticated cyber-attacks, making AI an essential component in modern cybersecurity strategies.
However, Azad also acknowledged the double-edged sword that AI represents in cybersecurity. He pointed out that the effectiveness of AI depends on how it is used – whether by cybersecurity professionals for defense or by attackers for more sophisticated breaches.
In discussing the broader implications of AI in cybersecurity, Azad highlighted the significant investments being made by companies in AI-driven security solutions. He cited the example of Cyble Vision, leveraging AI to detect and index banking cyber threats.
The discussion delved into the critical role of Artificial Intelligence (AI) in cybersecurity and the significance of compliance and auditing in the financial sector. Azad emphasized the transformative impact of AI on cybersecurity. He pointed out that AI is not just beneficial but essential for detecting and responding to cyber threats more accurately and promptly.
Moving on to threat intelligence, Azad highlighted its critical importance for financial institutions. He stressed that these organizations must be proactive in understanding potential cyber threats, including identifying indicators of compromise (IOCs) and staying informed about emerging attack vectors.
Additionally, monitoring the dark web is crucial for financial institutions to gather intelligence and prevent data breaches and other cyber incidents.
Azad then addressed the importance of compliance and auditing in the financial industry. He outlined the various standards and regulations that financial institutions must adhere to, such as PCI DSS, ISO 27001, GDPR, HIPAA, and SOC, depending on their geographic location and business nature.
To maintain compliance, organizations need to identify relevant regulations and establish checklists for regular monitoring and assessment. He also mentioned the utility of Governance, Risk Management, and Compliance (GRC) tools in aiding organizations to stay compliant. These tools can automate certain aspects of compliance, making it easier for companies to meet regulatory requirements and generate reports.
Azad acknowledged the dynamic nature of cyber threats, emphasizing that strategies effective today might not suffice tomorrow. This constant evolution requires organizations to be adaptive and agile. He observed that while companies are becoming more aware of cybersecurity risks and are proactive in their approach, challenges such as budget constraints and technological limitations can impede their efforts.
Looking ahead to 2024, Azad speculated on the potential changes in cyber threats. He noted the recent increase in ransomware attacks and data breaches, particularly involving sensitive customer data. He predicted that attacks on data would become more frequent, driven by the high value of customer information.
Azad also cautioned that entirely new forms of attacks, currently unimaginable, might emerge, highlighting the need for continuous vigilance and preparedness in cybersecurity.
Concluding the interview, Azad emphasized proactive risk management as essential for creating a safe cyber environment. The interconnected nature of cybersecurity means that a single breach can have far-reaching effects, making it imperative for organizations to identify and mitigate cybersecurity challenges swiftly.