CyberSecurity – It’s a marathon, not a sprint. Think big, start small and grow fast …
CyberSecurity is no longer optional for business

Over time, cyberattacks on financial companies have increased in sophistication. Cybercriminals now attack financial institutions with very advanced methods such as ransomware, social engineering, and machine learning. In 2024, cyberattacks joined the top 5 global risks that could present a material crisis for organizations. Data breaches have become an expensive setback for many organizations, with the global financial sector experiencing an average cost of nearly 5.97 million U.S. dollars per breach. As these numbers continue to rise, it’s clear that the task of protecting sensitive customer data grows more complex and demanding.

https://phoenix.security/dora-implementation/
CyberSecurity – What are the challenges?

- Sophisticated cyberattacks
- Access to data
- New disruptive technologies
- Third-party integration
- Complex architecture
- Lack of skills
- Regulatory constraints

Our mission is to protect our customer data from theft, loss, unauthorized access or fraud despite the increasing challenges.
CyberSecurity – Understand your environment

The digital finance sector faces a continuous and evolving cyber threat landscape, where malicious actors constantly rely on advanced and sophisticated techniques to exploit vulnerabilities and compromise the security of financial institutions, transactions, and sensitive customer data. As you cannot protect what you don’t know, it is crucial to understand our environment and the corresponding threats and actors. There are many cybersecurity frameworks to support assessing your environment and providing security measures to better protect customers’ data.

https://finance.ec.europa.eu/digital-finance/cyber-resilience_en

Know your threat landscape …
- Data breach
- Data loss
- Ransomware
- Insider threats
- Supply chain
- Regulatory

Know your control environment (As-Is situation)
- Level 1
- Level 2
- Level 3
- Level 4
- Level 5

Choosing the right framework
https://atwork.safeonweb.be/tools-resources/cyberfundamentals-framework/choosing-right-cyber-fundamentals-assurance-level-your-organisation
CyberSecurity – The path to reach the target

Since each organization will have different business objectives, a different strategy, a different risk exposure, a different control environment maturity, and different resources, each board needs to set its own direction and tone for the cybersecurity journey. Obviously, the roadmap, the budget, the timeline, the governance … to reach the target should also be specific to the organization. Strong support from senior management is not optional.

There is no wrong strategy… Nevertheless, the target will not be reached without:
- Strong sponsorship by senior management
- A clear commitment on the risk appetite
- Clear communication about the priorities
- Adequate resources to get the best results
- Continuous monitoring of control effectiveness
- Transparent reporting towards the key stakeholders

There are different ways to go to the moon (As-Is / To-Be).

Think big, start small and grow fast …
CyberSecurity @DegroofPetercam – It’s a never-ending story

CyberSecurity is not a one-shot program. As the threat landscape is constantly evolving and the target is moving, we must keep Monitoring – Measuring – Testing – Remediating – Reporting.
CyberSecurity – As a bank we expect from a Fintech …

https://finance.ec.europa.eu/digital-finance/cyber-resilience_en

- Follow GDPR requirements
- Encrypt active data (at rest & in motion)
- Isolate and encrypt backups
- Support any kind of authentication (MFA)
- Implement a patch management process
- Secure your entire development life cycle (SDLC)
- Train your employees via a security awareness program
- Regularly perform pentests on critical & exposed systems
- Incident management process in place
- Monitoring & logging capabilities
- Frequently test your backup policy (in line with your BIA)
- ISO certification or a SOC type 2 report
- Continuous vulnerability management

Operational Resilience
Data Privacy

Challenges
- Gaining executive buy-in
- Reviewing ICT third-party providers will require a huge sorting effort to focus on the most critical.
- Test resilience capabilities on a regular basis
- Timely and transparent incident reporting

Opportunities
- DORA brings a holistic approach to ICT Risk Management.
- DORA is harmonizing efforts to protect customer data.
- DORA is clearly focusing on resilience by combining CyberSecurity, Business Continuity and IT Service Continuity.