To help understand the security vulnerabilities exposed by the shift to digital – and how to defend against them – we asked Shan Lee, CISO and DPO of TransferWise to share his perspectives and top tips.
Enterprise cyber security shouldn’t happen in isolation.
You have to have a completely integrated cyber security program. If you don’t have buy-in from the board, from product managers, from every engineer working on a project to the marketing teams designing products or service propositions, you’re always going to be playing catch-up with attackers. Cyber has to be factored in from end to end.
Migrating to the cloud means re-thinking risks and processes.
You can’t just mirror what you did on-premise. The most important thing is not to attempt a lift-and-shift from on-premise to cloud. Merely replicating what you did before is a wasted opportunity. To truly take advantage of cloud infrastructure, you need to re-design everything from the ground up. The risks are different. The threat model is different. The challenges you’ll face from an operational perspective are different. Transitioning to the cloud without considering those differences is one of the biggest mistakes larger organizations make.
Enterprises need to do everything they can to improve visibility of risks.
You can never have too much information. The more intelligence you have at your fingertips, the better. But if you have the right team with the right experience, you can be fairly confident of your cyber security posture. But that doesn’t mean something won’t pop out of the woodwork. There are no absolute certainties in this game.
Cyber is now a business fundamental, but trust is the real platform for innovation and growth.
With my organization, in particular, it’s not a matter of cyber enabling growth, it’s a case of needing to have the trust of consumers as a fundamental requirement of doing business. We move people’s money. Without trust in our systems and our ability to protect data and execute transactions, we don’t have a business.