Cybersecurity's key role in investment banking
Over the last few decades, cybersecurity has evolved into one of the most critical functions globally, on both a corporate and governmental level. That’s no different at Santander CIB, where the cybersecurity team is headed up by David Sheridan, who has been at Santander for over 22 years and has overseen a huge amount of change. We sat down with him to explore how the world of cybersecurity has changed during his tenure, and what his team’s role at the bank is.
David explains that the function of cybersecurity at an industry level has evolved significantly “Information security had largely been an IT function since the beginning of the interconnected age”, he says, “covering things like network security and systems access, it was very much a technical discipline within IT. Now, as people become more aware of the risks to businesses and clients from cyber threats and those threats become more sophisticated, it’s now treated as a discipline of its own”.
Cybersecurity has come a long way in recent years. When the technology and platforms most companies use were originally built, they never imagined that the internet age meant the security of a product could change over time. In practical terms, that means that cybersecurity teams work with systems, which naturally overtime have vulnerabilities that have to be addressed.
Our cybersecurity team plays a critical role within the bank, and their extensive remit covers both internal systems, and also working with suppliers and clients in an advisory capacity.
Within the bank, the focus is on protecting, detecting and managing before they arise. Ultimately, David explains, “this is a broader resilience piece. A lot of my team’s time is spent ascertaining whether we have the right controls to protect against ransomware, testing systems for security or working with staff to understand the behaviors needed to protect against cyber threats.
The work we do on staff training and awareness, and in ‘security by design’ in any new product or system we implement, is ultimately designed to defend what David describes as “the hyperconnected bank of the future” and implementing controls that ensure people can only access the information they need to do their jobs.
Another area of focus is on supply chain risk. We therefore work closely with all our suppliers to ensure they are equally well protected and that they meet our security standards. “This all feeds into our client relationships as well”, David explained. As a business, it’s essential that we are secure right the way through our supply chain, to make sure in turn that our clients data and assets are protected. Ultimately, the job of the cyber security team when it comes to clients and customers is to generate trust between us, and value for them from our services.