Q: It often seems that the news is full of stories of data breaches and cyber attacks. Just how dangerous is the current state of cybersecurity – in particular, for the U.S. financial services world?
Selim Aissi: It’s a real problem. As the financial ecosystem becomes increasingly digitized and interconnected, it becomes more vulnerable to cyber attacks and unauthorized access. We’ve seen many financial institutions targeted by attacks that have been reported in the media, but they aren’t alone.
We’re seeing a myriad of types of attacks in the financial space. They range from cyber criminals looking for financial gain, whether through theft and monetization of financial information or personal information, to disruptive attacks, money-transfer scams, ransomware and DDoS extortion attacks.
The wide variety of cyber threats that exist means that we need to ensure that the right monitoring, detection and protection mechanisms are in place as part of our security programs. We also need to understand what’s happening around the world in terms of threat actors and attack scenarios and be ready to defend and protect against them.
I believe there are five critical elements for successfully protecting against such cyberattacks:
>> Always being prepared with an in-depth defense strategy
>> Instilling and maintaining a cybersecurity culture and awareness across the entire organization
>> Investing in threat intelligence and predictive analytics to identify actors, new vulnerabilities and emerging threat indicators
>> Ensuring we have the best talent and skillsets inside our cyber security organizations
>> Participating in public-private collaboration for shared threat intelligence and best practices
Q: Where are most of today’s major cyber attacks coming from?
Selim Aissi: As I mentioned above, there are a number of different types of cyber criminals that are responsible for today’s attacks. They come from all around the world with varying backgrounds, abilities and motivations. My mission is to be prepared for any threat by leveraging state-of-the-art technology, intelligence and insight, as well as our team of talented security professionals.
Q: Do you believe that the financial services industry is doing a good job when it comes to IT security? And are there places where improvement could be implemented?
Selim Aissi: I think that the number and the magnitude of data breeches indicates the financial services industry still has a large opportunity to improve its security posture. There have been a lot of great improvements in terms of technologies, but oftentimes, the processes and the people aspects are not taken as seriously as tools. As a whole, financial services organizations need more focus on bringing in the right talent and using them for collaboration, sharing of information and best practices with other organizations, both in the public and private sectors.
Q: In your new role at Ellie Mae, what will be your top priorities?
Selim Aissi: I have many priorities. My first priority is to build and maintain a world-class security organization. Because security is such a huge concern to mortgage lenders, we’ve made a commitment to our clients to be a leader when it comes to security and data protection.
My other priorities include making security a key differentiator between ourselves and our competition and working to ensure that our cyber security agenda is clearly defined, articulated and agreed upon across our organization and with our Board of Directors. This involves having a long-term strategy for security that tracks alongside our long-term growth strategy for the company.
Last but certainly not least, one of my key priorities is to leverage the top talent in our organization as well as to establish strong public-private partnerships to enhance our shared intelligence. While the financial services industry has become more vulnerable to security threats, ensuring that Ellie Mae stays at the forefront of security controls will require a team effort.