Fintech Belgium_Webinar 3: Cybersecurity / Covid-19: Home Working Challenge - 03-04-20

1. Webinar 3:
Cybersecurity /
Coronavirus Homeworking
Challenge

2. Programme
 Introduction by Toon Vanagt
 Fintech industry: A reliable partner
for the financial sector by Professor
Georges Ataya
o Case studies
o What methods should be put in place?
o The skills that are lacking
o Certifications

3. Your Speakers
Georges Ataya
Academic Director at Solvay Brussels School
Managing partner Ataya & partner
Co-Founder of the Belgian Cybersecurity Coalition
Co-founder DPO Circle
Member of the Advisory Boards at Agoria, BECI, CIONET,
ISACA
Past International Vice President at ISACA and co-
founder of the body of knowledge of CISM and CGEIT
Toon Vanagt
Host, Board of FinTech Belgium
CEO of data.be

4. Cybersecurity context
Fintech concerns for Cybersecurity
European regulations and guidelines
Certification for SME
Cybersecurity skills assessment
Competences and knowledge
Professional certification
Cybersecurity
for FINTECH
Prof. Georges Ataya

6. Urgent Cyber Security Issues
1. Financial Crimes
2.The Rise of Multi-Cloud Computing
3. Third-Party and Supply Chain Attacks
4. Shortage of Cybersecurity Professionals
5. More Sophisticated Phishing Exploits
6. Cyber Attacks on the Grid
7. Personal Attacks
8. State-Sponsored Attacks
9. IoT and Autonomous Systems
10. Smart Health Devices and EMR
“Cyber crime is big
business, with the most
elite hackers earning a cool
half a million dollars a
year just to test system
security; the bad guys are
raking in billions”.
Source: www.csoonline.com
The 14 biggest data breaches of the 21st
century
Adobe
Date: October 2013
Impact: 153 million user records
Adult Friend Finder
Date: October 2016
Impact: 412.2 million accounts
Canva
Date: May 2019
Impact: 137 million user accounts
eBay
Date: May 2014
Impact: 145 million users
Equifax
Date: July 29, 2017
Impact: 147.9 million consumers
LinkedIn
Date: 2012 (and 2016)
Impact: 165 million user accounts
Marriott International
Date: 2014-18
Impact: 500 million customers
Yahoo
Date: 2013-14
Impact: 3 billion user accounts

7. Sources of external threat
Intelligence
Agencies
Criminal
Groups
Terrorist
Groups
Activist
Groups
Armed
Forces
7

8. The fact that there’re many cases in which large
traditional banks have failed to protect the data of
their customers do not imply that Fintech is better
than other financial institutions
Source: FSBT.TECH (Open API Platform)
A report by PWC indicates that it is easy for the new
banks to focus on securing the activities of their
clients on their systems than for large conventional
banks.

10. EU RegulationseIDAS

11. setting the security and notification
requirements for digital service providers and
build national capabilities
help to manage digital identities by providing
online trust and allows citizens and business to
use national eID and trust services across borders
gives control to individuals over their personal
data and to simplify the regulatory
environment for international business
eIDAS
framework for European Cybersecurity
Certificates for products, processes and
services that will be valid throughout the EU

13. Cyber Security Coalition & CCB Elements of the scheme
Page 13
Cybersecurity Fundamentals for SME
Plan your cyber security
• Understand the enterprise context
• Management commitment
• Training, communication and awareness
• Custom made or internally developed software and hardware
• Incident management basics
Manage risks for your most important assets
• Inventory of IT devices
• Risk management (Predefined)
• Information classification and handling (minimum mores)
• Backups and Restore
Cybersecurity Technical measures
• Firewalls
• Secured configuration
• User access controls
• Malware
• Patch management
• Email Security
https://cyberguide.ccb.belgium.be/en

14. Cyber Security Coalition & CCB Elements of the scheme
Page 14
Cybersecurity Fundamentals for SME
https://cyberguide.ccb.belgium.be/en
Project 1 Project 2 Project 3 Project 4 Project 5
Self-assessment
questionnaire &
tool
Promotion &
Communication
Advice
Development
Labelling
Currently on hold
Registry of
specialists &
solution providers

15. Awareness Campaigns
15

16. Cybersecurity
Awareness
Corporate and general Management
Application Development
Business managers and Users
IT Professionals
Information Security Professionals
Awareness Classes
Incident Management
Guide
16

17. Rising risks in the digital economy

18. Building higher defensive walls and
installing defense-in-depth solutions
© Copyright ICTC.EU 2017© 2017 ICT Control NV SA - No reproduction or reuse 18

19. Source ISACA.ORG 19
What level of
protection do
we need?

20. IDENTIFY
DETECT
PROTECT
RESPOND
Cybersecurity processes
20
RECOVER © 2015 ICTC.EU

21. IDENTIFY
DETECT
PROTECT
RECOVER
RESPOND
Functions
Develop and implement
Cybersecurity processes
21

22. DETECT
DE.AE-5: Incident alert
thresholds are established
DE.AE-1
DE.AE-2
DE.AE-3
DE.AE-4
• COBIT 5 APO12.06
• ISA 62443-2-1:2009 4.2.3.10
• NIST SP 800-53 Rev. 4 IR-4, IR-5, IR-8
Anomalies and Events (DE.AE):
Anomalous activity is detected
in a timely manner and the
potential impact of events is
understood.
© 2015 ICTC.EU
22© 2017 ICT Control NV SA - No reproduction or reuse
The need for good business
practices

24. 24
A MANAGER FOR CYBER SECURITY
PROTECTION and INCIDENT MANAGEMENT
Information Security Governance
Information Security Incident
Management
Information Security Program
Development & Management
Information Risk Management
& Compliance

25. SHORTAGES OF DIGITAL PROFESSIONALS
10 avril 2020 ©2020 Ataya & Partners. All Rights Reserved 25
TECH TRENDS WITH STAFFING NEEDS
Machine learning; Big data
Blockchain
Digital transformation
Cyber security; IoT security;
Cloud; Privacy by design
3D printing
Agile and a DevOps;
Technical debt and legacy debt
Various sources
INFORMATION SECURITY PROFESSIONS
1. App security engineer
2. Cyber security consultant
3. Data protection officer
4. Chief security officer
5. Security analyst
6. Security engineer
7. Security architect
8. Security and penetration testing expert
Source: esecurityplanet.com
CYBERSECURITY PROFESSIONS
1. Ethical hacker
2. Information Security Analyst
3. Penetration Tester/Vulnerability Analyst
4. Digital Forensic Analyst
5. Security Software Developer
6. Chief Information Security Officer (CISO)
7. Network Engineer/Security Architect
8. Incident Handler
source: eccouncil.org

26. 26
ASSESSMENT OF
SKILLS
IN
DIGITAL GOVERNANCE,
TECHNOLOGY, AND
TRUST
Academy.atayapartners.com/fintech-sessions

27. DREAM. LEARN. LEAD.
• THANKS
Full online Education
Starting in April 2020
S2 (CISSP preparation)
G2 (COBIT 2019)
B2 (Data Management)
M2 (Application development)
April and
May 2020

28. 28Academy.atayapartners.com/fintech-sessions
Graduation photo Trusted Fintech Program 2018-2019

29. //academy.atayapartners.com
Academy.atayapartners.com/fintech-sessions

30. Georges Ataya
Professor, founder and Academic Director of Digital and information
security management at SBS-EM
Co-Fouder of the Belgian Cybersecurity Coalition
Co-founder DPO Circle
Member of the Advisory Board: Agoria, BECI, CIONET, ISACA, belgian
Cybersecurity Coalition
Managing Director ICT Control advisory firm
Founded IT Management Academy
Past International Vice President at ISACA
Past Partner Ernst & Young
Past Deputy International CIO ITT World Directories
Previously Project Manager and Senior IT Auditor
Linkedin: ataya
Academy.atayapartners.com/fintech-sessions

32. • NEXT FRIDAY AT 14PM:
Webinar: Financial crisis survival / Coronavirus
Homeworking Challenge
• NEXT THURSDAY APRIL 23rd:
Digital Classroom: How to become and stay
licensed in Belgium?, April 23rd from 2pm to
6pm, in collaboration with Febelfin Academy