
FinCyber Today

Author: FS-ISAC


Description

FinCyber Today is a podcast from FS-ISAC that covers the latest developments in cybersecurity, contemporary risks, financial sector resilience and threat intelligence. Our host Elizabeth Heathfield leads interesting and challenging discussions with our special guests, who bring practical ideas on how to deal with the cyber challenges in the financial sector, improve your cybersecurity response and build resilience in business.
36 Episodes
Fraud is changing, says Romano Stasi, Managing Director, ABI Labs. More and more, fraudsters don’t break into systems – they trick customers into giving the threat actor access to their data and accounts. Italian banks are responding with investments in customer education, cybersecurity, and AI tools – even funny commercials aimed at potential victims. Still, Stasi believes collaboration within banks and across the ecosystem is necessary to fight fraud.
Mastercard’s definition of resilience is to prepare for – and deliver despite – any local, regional, or global crisis that might arise, says Fadwa Rachi, Director, Head of Mastercard’s European Cyber Resilience Centre. Mastercard can execute on that definition because leaders drive an exceptionally proactive culture and because its highly organized response teams – uniting over 30 different departments – take a situationally adaptive approach to communication, deployment, and exercising. List...
As LLMs become the gateway to the internet, agentic AI grows ubiquitous, and the threat landscape evolves faster, CISOs may need to think about security modernization in a new way. Everything from endpoint access to fraud strategies to data localization will be affected, says Grant Bourzikas, Chief Security Officer, Cloudflare. Still, he believes that despite these critical shifts in the financial sector’s digital landscape, the basics will be even more important: contextualized intelligence,...
In APAC, cyber defenders are likelier to share tactical threat intel rather than strategic information, often out of fear of suggesting they were breached, says Devinder Singh, Maybank’s CISO. But getting intel out fast – and across borders – is key to the sector's defense. To encourage a culture of trust and collaboration, Singh says APAC cyber teams need to share information on successful defenses, have the option of anonymity, and be sure of their leaders’ and regulators’ support. Af...
Quantum computing’s threat to cryptography makes many cyber experts in the financial services sector nervous. But Jaime Gomez Garcia, Global Head of Santander's Quantum Threat Program and Chair of Europol's Quantum Safe Financial Forum, thinks stoking anxiety around quantum is the wrong approach. He says cyber leaders should pose quantum resilience as “basic cybersecurity hygiene” — because, in reality, it is — prioritize use cases, and invite risk managers to the conversation. But most impor...
Cybersecurity threats to an institution are no longer limited to the organization itself, as threat actors launch attacks across the entire supply chain in hopes of disrupting the financial services sector. Managing supply chain risk is top of mind for Ariel Weintraub, Chief Information Security Officer, Aon, who emphasizes that cybersecurity is not a competition, but an opportunity to share best practices and timely information to maintain the resilience of the global financial sector.
The quantum revolution is coming to the financial sector. Debbie Janeczek, Global Chief Information Security Officer, ING, is preparing for it and says the rest of the sector should, too. She suggests starting with building leadership’s awareness of quantum risks, inventorying algorithms, and developing the skill sets needed for post quantum cryptography. Those moves, among others, will help financial firms be ready when the quantum revolution arrives — and it’s getting closer every day.
The goal of information security is to not react to the change. It's to learn about change in advance. That’s one of the many lessons Meg Anderson, former CISO, Principal Financial Group, has learned after 40 years in cybersecurity. It’s a lesson she’s instilled in her teams, along with the power of saying no, the vital importance of developing a pipeline, and why cyber leaders need business leaders’ trust. Those lessons will help CISOs succeed, even as the cyber landscape changes.
Fraud is one of the sector's biggest concerns, but passwords aren’t much of an obstacle to today’s innovative cybercriminals. Biometrics are the next frontier, but how do you get customers to accept the pivot? Susan Koski, Chief Information Security Officer, PNC, has been examining the challenge and recommends managing by facts and known risks, understanding fraud prevention as a cross-sector problem, and remembering that the customer experience has to be central to the post-password cy...
Financial services cybersecurity has its challenges – but it’s also interesting, varied, and just plain fun, says Jochen Friedemann, Chief Information Security Officer at Talanx, the Hanover-based insurance/re-insurance firm. Cybersecurity is also more impactful than it’s ever been, thanks to cyber’s importance to senior management, with more educational and career opportunities than ever before. So though the responsibility is heavy, if you’re thinking about joining InfoSec, this is a great ...
Many financial services firms have such vast hoards of data – much of it unclassified legacy data – that owning it causes more data governance challenges than the information is worth. Olivier Nautet, Group CISO at BNP Paribas, says that firms suffering “infobesity” must approach the challenge cross-functionally, with a view to operational resilience and compliance. Here’s what he says about slimming down safely, effectively, and within regulation. Data decisions: Amassing data – especi...
Data security regulation is accelerating many firms’ data protection processes, says Karl Schimmeck, Executive Vice President and CISO of Northern Trust. However, complying with multiple jurisdictions’ reporting regimes around privacy, incident disclosures, and decision process documentation can be tough. Rigorous incident management plans and structures simplify things but it’s important to remember compliance isn’t about checking boxes. It’s about reducing risk. Regulation drives dat...
Identifying and managing risk is fundamental to good governance, says Claus Norup, Managing Director and Group CISO, Euroclear, but that’s only part of the job. Success in a CISO role depends on leadership’s buy-in, the ability to translate information to its audience, and the degree to which the function is embedded in overall governance, among other factors. Still, Norup says that in the end, successful governance comes down to the person in the role. Should you take the CISO job? If ...
Where cybersecurity and operations converge – as they increasingly do – financial services firms must view cyber risks as operational risks. That integration is a sign of cyber maturity, says Matt Harper, Aflac’s Vice President and Global Practice Lead, Product Security, and Program Strategy, but it affects the practice of risk management. He advises financial services cybersecurity leaders to learn about the business side and map security processes toward it to the benefit of the overall in...
There used to be weeks between the announcement of a zero-day vulnerability and the next exploit. Now we have days or hours to patch the vulnerability, says Carsten Fischer, Deputy Chief Security Officer at Deutsche Bank. Sometimes threat actors are in the machine even as the patch is being tested. With such a small window of reaction time, mitigation must be faster. Prevention vs. Detection We can’t prevent every threat, but we don’t always have time to patch detected vulnera...
Stephen Sparkes has over 30 years of experience in leadership roles across the financial services tech spectrum and is currently Scotiabank’s EVP, Chief Information Security Officer and Enterprise Platforms, and member of the FS-ISAC Board of Directors. Over the years, he says, cyber has become the dominant operational risk, giving CISOs a more prominent leadership role. That role – and the skills CISOs need to succeed – will continue to expand as the threat and business environment evolves. ...
A financial services CISO’s job is to secure the organization of today and tomorrow. Lindsey Bateman, Chief Information Security Officer at M&G plc, a UK Savings and Investments company, recommends instituting a Security by Default culture to reduce the risks and increase the resilience of financial services institutions today, while keeping an eye on the horizon for emerging threats – and quantum computing is at the top of the list. Episode Notes Future Risks: Quantum Computing ...
Third-party providers are often crucial to financial service operations – and a serious cyber risk. For that reason, EU regulators are taking a close look at the digital supply chain. Here, BISO (Business Information Security Officer) at ICE Trading and Clearing, and Chair of FS-ISAC’s UK Strategic Subsidiary Board, Burim Bivolaku talks about the biggest challenges in third-party risk management, how to effectively address them, and why FS-ISAC’s UK Strategic Subsidiary Board helps its govern...
It’s difficult to quantify risk – some CISOs say it can’t be done – but there is a business case to be made for cybersecurity measures and controls (information sharing helps). Beate Zwijnenberg, ING CISO and member of FS-ISAC’s Global and European Boards, explains her approach to quantifying risk and communicating metrics relevant to senior management priorities. And she explains why DORA’s pillars may increase the sector’s resiliency as it matures the supply chain’s cyber defenses. Quantify...
The Cyber Risk Institute has developed a cybersecurity framework for the financial sector that is based on globally recognized standards. Josh Magri, CRI President & CEO, talks about the genesis of this framework and how it can help bridge the gap between self-assessment and regulatory compliance, even for financial firms that have operations around the globe. Notes from our Discussion with Josh CRI Profile The profile is the Rosetta Stone between cybersecurity frameworks, standards, an...