Are you still thinking about your vote for CIO of the Year? To help you, the three nominees would like to take a closer look at their cards. Today they are talking about how they view an important topic such as (cyber) security.
On September 26, we announced the three nominees for CIO of the Year 2023. The editors chose three CIOs who have been fully committed to the digital transformation of their organization in recent years: Herbert Carracillo (Chief Information Officer at Sibelga), Michal Paprocki (Chief Information Officer at Euroclear Group) and An Swalens (Chief Information Officer at National Bank from Belgium). All three have a strong mandate to further modernize, digitize, optimize and prepare their organization for the future. You can vote for your favorite candidate until October 20. But maybe you could use some help? We publish a number of articles that give you a better idea of what the candidates stand for and what they are doing. Today an answer to the question: ‘How important is security?’
An Swalens: ‘Security is only becoming more important’
‘Security is very important and is only becoming more important. This certainly has to do with our environment and activities – for example in the financial markets – and because we attach great importance to our reputation. We have a strong governance & risk framework and all our activities are subject to extensive regulation. We follow a strict methodology for both operational and information risks. In addition to formal governance, we organize close contacts and discussions between NBB specialists in various risk areas (legal, compliance, data, IT) and trusted partners like other central banks.’
‘For IT security we invest in expertise, processes and advanced technologies. Our IT security services carry out the necessary assessments and checks, monitor the security architecture and… security by design, and also manage all security. Our IT landscape is divided into different security zones, in line with our strategy. In our IT risk program, we manage projects and initiatives with clear goals and measurements for improvement. We also demand high security standards from our suppliers.’
‘The human factor is extremely important in security, so we invest both in making it easier to be secure (think passwordless authentication) and in spreading knowledge and awareness (think security champions). And yes, this also includes regular exercises and checks that must keep our people constantly alert.’
Herbert Carracillo: ‘Awareness campaigns are essential’
‘It is not a question of if, but when your organization will be hacked. Security is therefore central at Sibelga. After all, electricity and gas distribution networks are considered critical infrastructure. Any disruption in the operation of these networks could have far-reaching consequences, including risks to public safety and economic consequences. Through the services we provide to our customers, we also process sensitive and confidential data, including customer data, grid configurations and energy consumption data. Protecting this data from theft, manipulation or exposure is essential, including for regulatory compliance.”
‘To guarantee a high level of security and prevent cyber threats, we have invested in people and technologies to always have insight into what is going on in our infrastructure, but also to be able to respond proactively. This includes a Managed Detection and Response (MDR) approach with continuous monitoring of IT systems and networks, advanced threat detection to prevent or minimize risk and behavioral analysis to detect network and system anomalies.”
‘But to ensure the highest level of IT security, it is essential that we address the human element, as this is often the preferred point of access to our systems. Employees are directly involved in 70% of security problems. We do this by investing in awareness campaigns. We vary our campaigns from email phishing to USB sticks and Microsoft Teams and WhatsApp. This allows us to cover the entire spectrum of possible entry points into our infrastructure and network through our people. Where necessary, we also continuously supplement our IT security team with additional talent who brings in new (analytical) skills. We also work together with Passwerk for this.’
Michal Paprocki: ‘Our investments in security also protect the entire ecosystem’
‘We have been a trusted financial market infrastructure for more than 55 years and that is our great precious asset. Part of this trust that we have built in the market is the safety and security that we offer. So it goes without saying that cybersecurity is an important part of our business strategy. Cybersecurity, business resilience and operational risk management are all important parts of our IT transformation.”
‘The threat landscape is also constantly evolving with many new attack vectors. Companies therefore have to continuously adapt and proactively test their defenses – which we do ourselves. We have already doubled the number of IT security functions and are still expanding. We also continue to invest because I believe our job is not only to protect our business, but also the broader ecosystem that we support. So you could say that our work is never finished.’
This is how you cast your vote
On www.datanewscio.be we introduce the three candidates to you in more detail. There you can also immediately cast your vote for your favorite candidate. We will close the public vote on October 20. The final winner will be determined by our professional jury and will be announced at the CIO of the Year event. This will take place again this year in the Event Lounge in Brussels on December 7, with cybersecurity as the central theme of the evening.
All information and registrations via www.datanewscio.be.
