Incumbents are putting aside religions of old, says cyber firm Veracode
Incumbent banks and investment firms are “put[ting] to one side the religions of the past,” Paul Farrington, chief technology officer (CTO) for EMEA at cybersecurity firm Veracode, tells FinTech Futures.
“I’ve seen a shift in perceptions,” the CTO says on how established financial institutions (FIs) have handled cyber threats. With the rise of cloud-native fintechs leveraging the likes of AWS in the last five years, Farrington notes the insurgence of tech-savvy start-ups is “acting as a message to incumbents”.
The historical reluctance towards and fear of the cloud have mostly dissipated, in Farrington’s opinion. Because “institutions need a heat map of where their assets are” and need to be able to “access a single pane of glass” to respond to cyber threats more quickly, outsourcing to Indian or East European tech companies or jumping between internal silos attached to heavy legacy systems are no longer viable options.
But despite the sea change in technology adoption, there is still a severe lack of multi-skilled individuals out there in FIs.
“People need to wear multiple hats now,” he says, mentioning the promotion of ‘dev-sec ops’ at Veracode – i.e. developers who can write secure code. According to Veracode’s own research, only 25% of computer science students actually have to take application security modules.
This means that by default, most software engineers enter the workforce without being able to write secure code. For Farrington, it’s important to change this so security can be embedded “as [soon as] code hits the keyboard”.
This is what leads him back to the importance of the cloud in solving cyber crime. Although changing attitudes to the cloud is good, better tools and support for development teams specifically are needed so they can design safer frameworks.
“There’s no silver bullet,” the CTO says, admitting that “breaches are inevitable as companies are probed every day”. But what will help is if FIs address the “grass roots insurgency of dev ops teams demanding tools to go faster”. Farrington believes developers need a stronger vote in the choice of cloud-native solutions they need to work with contemporary platforms.
The state of cybersecurity literacy across the world is still very much on the back foot. Farrington attended a Gartner summit in the summer where an analyst revealed that 2020 will see a deficit of 3.4 million unfilled positions in the field.
This is why, in the shorter term, Veracode puts the emphasis on leveraging the human capital already in FIs. The cybersecurity company creates programmes for individuals on secure code and basic threat modelling, which it says have seen an 88% improvement in fixed rate of risk because they give teams access to a ‘sec champ’ or ‘sec-literate’ team member.