How Standard Chartered approaches cyber security

Bank uses security-by-design principles and conducts red-teaming exercises among other measures to fend off cyber breaches

Cyber security remains a top priority at Standard Chartered even as the bank intensifies its digitisation efforts amid the Covid-19 pandemic, according to its top cyber security executive.

Speaking at the ConnectGov Leaders Summit 2020, Darren Argyle, Standard Chartered’s group chief information security risk officer, said “seamless security” was being built into new banking platforms and digital banking services in a security-by-design approach.

Besides offering traditional banking services, the bank operates digital-only banks in Africa, and more recently in Hong Kong.

To secure these services, it uses secure application programming interfaces to facilitate dynamic exchange of transactions within financial systems, as well as verification and authentication mechanisms.

“Digital transformation and having the confidence of our customers goes hand in hand,” said Argyle. “We’re continuing to maintain that sustainable trust over the longer term.”

Like other large organisations, Standard Chartered has had its share of cyber attacks, including phishing threats, which have grown by 31% since the start of the year. The bank is also concerned about the rising number of ransomware attacks on third-party suppliers across the industry.

Argyle said he hoped third-party suppliers would get a handle on their security posture, “given the difficulties that a lot of companies are having with remote working, which is stretching people quite thinly”.

The use of automation has enabled banks to improve customer experience and speed up banking transactions, but it is also being used by cyber criminals to carry out cyber attacks. “We’re seeing attackers use AI [artificial intelligence] and machine learning to speed up some of those attacks, so we’ve got to respond by combining our techniques to respond to that,” said Argyle.

To secure boardroom buy-in on the bank’s cyber security initiatives, Argyle said it was important to communicate as simply as possible, so board members will understand the impact of a major cyber breach.

“You can do that in many ways, but ultimately understand what their part is in that, so they feel some sense of ownership in what needs to be done,” he said, adding that simulations of cyber security incidents will help to bring their impact to life.

Standard Chartered also conducts red-teaming exercises, during which the bank’s technical teams act as cyber attackers who use technical and psychological ways to infiltrate the organisation.

Through the exercises, Argyle said the bank can “test the friction” of security tools that have been deployed, and measure their effectiveness based on metrics such as the ability to protect, detect, respond and recover.

“When it comes to recover, if you’re not recovering in a few days from a major ransomware attack, it can be existential and you can go out of business,” he said.

“That message given to a board of directors has a huge impact on their ability to make decisions in a timely manner. It also helps with budgeting and the long-term sustainability of a transformation programme that can take years.”
