Securing the Cashless Economy Against Fraud
Barclays' Theo Nassiokas on Essential Steps
What can CISOs at banks do to help prevent fraud as the region, and in particular India, moves toward achieving a cashless economy? Singapore-based Theo Nassiokas, director, APAC cybersecurity, at Barclays Bank, says before adopting advanced technologies, including enhanced authentication, CISOs must address the fundamentals of security.
"No matter which industry you're in, if you're in a ... CISO role, my advice would always be to never ever forget about the basics," he says in an interview with Information Security Media Group during the recent RSA APJ Conference in Singapore. "It will be the basics not being done well that will bring you in trouble every time. It's not going [to] be your ability to detect advanced persistent threats, but how well do you patch?"
It's time all practitioners got smarter about defending businesses against new threats and demonstrated the cost of securing new projects, he argues.
And a key element of a sound defense is going beyond two-factor authentication. He points out that new authentication mechanisms for mobile devices can measure "something like 2,000 different parameters every time the user logs in, identifying various biometric forms."
In the interview, Nassiokas also discusses:
- Why practitioners need to focus on improving patching and disaster recovery and mapping assets;
- New forms of authentication;
- Why a pragmatic approach to enhancing security and developing forensic capabilities is needed.
Nassiokas is a technology risk- and regulatory-focused security professional with over 20 years of experience. Before joining Barclays, he worked as the head of TIS, risk and control and TechOps at Standard Chartered Bank. He also had a long stint at ANZ as the head of information security technology risk and worked at Deutsche Bank as the vice president and APAC regional head of risk, audit and regulatory. He has expertise in the areas of security, risk, compliance and e-fraud and has spoken on these topics across various forums. He's a member of the Association of Certified Fraud Examiners.