Countering Cybercrime: How Companies Must Adapt to Win

Two cybersecurity experts offer safety tips and answer questions about breaches, artificial intelligence, hacking, insider threats and data protection.

Featured Experts from the Natixis Investment Managers Summit:

  • Jaya Baloo, Chief Information Security Officer, KPN Telecom
  • Ilan Graicer, Entrepreneur, Cybersecurity Specialist, Game Designer, Maker and Wildlife Photographer
  • Moderator: Anne Bader, Founder, The International Cybersecurity Dialogue

Cyberattacks are becoming more and more prevalent, yet big corporations still sorely underestimate the risk. Moreover, many have not put effective security tactics into place to defend themselves against the inevitable. Although cybersecurity can be an intense, costly and sometimes uncomfortable process, experts say the risks and consequences of an attack can be mitigated by embracing a proactive and reactive strategy.

Stage a mock attack
According to Ilan Graicer, an Israeli specialist in cybersecurity, a more secure company starts by first identifying its vulnerabilities. “There are only two types of companies,” he said at the inaugural Natixis Investment Managers Summit, “those that were attacked and those that don’t know they are being attacked. If you don’t know you’re under attack, there's no real pressure to improve defenses.”

Graicer went on to explain how he can help companies identify vulnerabilities by deploying a “Red Team” of attackers to probe a company’s cyber-defenses, either from outside or within the firm. “That's where we come in and show you that we can take you down.”

A holistic approach is key
Jaya Baloo, Chief Information Security Officer at KPN Telecom in the Netherlands, has started what she calls a “security lifecycle” at KPN. This means that having a robust cybersecurity policy and strategy is not enough; a company needs to take a combined proactive and reactive approach, including hacking its own systems to probe for weaknesses. Any discoveries are followed up by an emergency response team, and senior security officers continually provide oversight.

“For every new innovation, every single product, every single software release – if our Red Team says no, it’s not allowed to go live,” Baloo said. She also works with a company’s mergers and acquisitions team to make sure potential acquisition targets meet cybersecurity standards. If a company will not give her team full access, it becomes a roadblock in the security chain. “We’ll say, on the basis of this, we can't properly assess the risk that we're taking with our investment.”

Hacking is the new normal, Graicer said; cyberattacks will only become more common as tools and skills once known only to experts are disseminated on the Internet. “Everybody's learning them, everybody’s making copies, and making them better,” he warned.

Moreover, Baloo believes the advent of super-powerful quantum computers will offer hackers a new and daunting tool. “I believe we’re far from ready,” Baloo said. “I’ll put it simply: All your banking transactions, all of them, will be broken by quantum computers.”

Baloo noted that state-sponsored hacking has also been a factor. “Hackers are motivated by three things,” she said. “They start off for fun, then for profit, and finally, when they have enough profit, they realize there's a political mechanism that they can exploit by hacking.”

Though some hackers may attack for fun, some cyberattacks in recent years have taken a very real toll. The 2016 Carbanak malware hack of the SWIFT (Society for Worldwide Interbank Financial Telecommunication) banking system led to the disappearance of more than 1 billion euro from ATMs and online banking platforms around the world. And in 2013, all 3 billion Yahoo accounts were hacked and compromised – information that was revealed to users only after Verizon Communications acquired the company in 2017.

“Everybody’s worried about the grid going down,” said Anne Bader, founder of the International Cybersecurity Dialogue. “Do we have backups? Do we have contingency plans? Is every single person continually trained, and do they practice? These are questions that every corporation should be able to answer.”

“The only thing I can absolutely guarantee is that you have been hacked, you will be hacked, and it will keep happening,” Baloo said. “And that’s OK – because security is not something you'll fix with a single project.”

So what’s the answer to getting a leg up on cybercrime? “Prevent, detect, respond, verify,” Baloo said. “Keep doing that and you'll be all right.”

Speaker opinions may not necessarily be those of Natixis Investment Managers. Not all speakers are employed by Natixis Investment Managers, but may receive compensation for their services. Content should not be considered a solicitation to buy or an offer to sell any product or service to any person in any jurisdiction where such activity would be unlawful.

The Natixis Investment Managers Summit was hosted by Natixis Investment Managers. Natixis Investment Managers includes all of the investment management and distribution entities affiliated with Natixis Distribution, L.P. and Natixis Investment Managers S.A.