Lloyds Banking Group has reinforced its defences against sophisticated phishing attacks while improving resilience. Intelligent CISO spoke with Paul Branley, Deputy CISO, Lloyds Banking Group, to find out more about the threats facing the organisation and how Garrison is helping to keep it secure both now and into the future.
Can you introduce yourself and describe your job role?
As Deputy CISO for Lloyds Banking Group, I head up the areas of strategy, innovation and testing.
Testing is my biggest team and its purpose is to ensure we can accurately assess how secure we are. Our strategy team, meanwhile, looks ahead to identify where we want to be in a few years’ time. Finally, our innovation team aims to bridge the gap with some really clever, transformative solutions in order to address some of the hardest problems we’re facing today, in order to move us forward tomorrow.
As one of the UK’s leading financial service providers, how important is integrating resiliency into your business model to avoid downtime and ensure robust cybersecurity?
Resilience is important and it’s becoming even more so as we become more reliant on technology as a business. Our customers are also using more and more technology in the way they consume the services we offer, so resilience is crucial.
At Lloyds Banking Group, we’re trying to make sure our services are available at all times of the day 24/7/365 when our customers want to access the services from wherever they choose, in whatever way they wish to access them.
How do global cybersecurity trends compare/differ to those in the UK and how does this impact your management style?
In the cyber domain, there are no borders. We’re finding that adversaries and threats are global in nature – everywhere on the planet is just a couple of clicks away from accessing our services.
I don’t think the UK is any different to anywhere else in the world – the threats that we’re facing are very similar and are fast evolving.
Criminals are very innovative and it’s up to all of us to evolve quickly in return. We maintain a list of the top threats and modify them on a regular basis to keep our businesses informed, so that they can respond and monitor risk accordingly. Currently, the top threats relate to ransomware and the geopolitical environment. We’re concerned about any overspill from events that are happening on the global stage in relation to current conflicts. The data we hold is also extremely important so we’re always conscious that it’s an attractive target. Even when we’re really good at securing our business and our data systems ourselves, we need to think about the supply chain.
Can you talk us through your strategic vision when it comes to cybersecurity and your work with Garrison?
Strategically, we want to take advantage of technology and more advantage of the Internet. Web access has always been a concern for us and I think traditionally we’ve controlled the risk by restricting and blocking things.
Garrison is allowing us to turn the tables and to enable some of our staff members more access. We see it as an enabler, providing access but in a way which doesn’t come with additional risks.
Can you outline some of the challenges you were experiencing prior to your work with Garrison and how its services helped you to tackle these?
Prior to using Garrison, we tried to tackle the risks and threats in different ways. We were reliant on feeds to inform us that something was a known bad actor and should therefore be blocked.
We relied on staff to make sure they were highly vigilant and relied on software to detect anomalies, but we realised that neither software nor humans are perfect. Some of the adversaries have become clever in the way they target our users and entice them to click on links that would allow malware access to our environment.
Garrison has allowed us to change that with its architecture, removing the reliance on the human. We’re allowing staff to use our systems and click on links without them having to be perfect.
How would you describe your experience with Garrison so far?
We have found Garrison to be extremely good at working with us. It has taken time to understand us and been very flexible and listened to specific requirements that we may have. It has also adapted its approach, products and the projects that it is working on with us, accordingly.
How do you continually manage phishing as one of the biggest threats in your industry?
Phishing is potentially the biggest issue that many organisations face from a security perspective because it’s often the first step of many different types of attacks.
Traditionally we’ve tried to deal with it in different stages, such as putting in a number of layers as we receive emails to try to check them pre-delivery, to sandbox them, to check out links and so on before we let them through.
That’s not perfect and some of the adversaries put in place mechanisms to get past those detections. And then, when it arrives in someone’s inbox, we rely on the human to check, although we provide education and we do tests with users to make sure they are as vigilant as possible.
But attackers are using very sophisticated methods and it can be hard for staff to pick everything out. If some of the threats get through, we’re then reliant on trying to detect some malicious software that’s possibly already got a foothold in the organisation and by then, it’s beginning to get a little bit too late. Garrison has allowed us to have much more confidence. If the first few layers don’t detect it and a human is enticed to click on something which is well crafted, then that’s another thing, but with Garrison, it helps keep the malware contained. This has strengthened our phishing defences.
How do you innovate with security at the heart of what you do?
We’ve got a great security innovation team which we’ve created over the last few years, with many enthusiastic and intelligent people who are looking at various different ways to solve problems. We invest a lot of time with different communities around the globe including the big names like Google and Microsoft, but also with some of the cybersecurity startup communities. We’re also sponsors of the London Cyber Innovation Centres and we’re expanding out to the different regions like Manchester and NCSC in Cheltenham. We try to stay connected with all of those and meet a lot of startups. We get approached by a lot of different companies and ideas and we’re very lucky to get early access to those, which is something that enables us to try to stay ahead of the threats because we know that some of these adversaries are extremely good at innovating themselves.
How does the pressure to digitise affect your security strategy and how do you adapt this in line with your Digital Transformation goals?
Digitisation is both a benefit and a challenge. I think there are some great opportunities to move away from some of the legacy technologies and modernise by implementing some of the new digital technologies that have been designed for the current threats.
The challenge we have is that there are so many and it’s hard to choose the ones that are effective. Many come with promises and don’t necessarily deliver. The efficacy of some of the cybersecurity products is really important to us and we have to take time to look at that.
I think the new technologies offer opportunities but of course they also introduce new risks and threat vectors. Cybercrime is accelerating fast in the wrong direction and it’s important that we try to keep pace. We see cloud as central to our future and part of our Digital Transformation and therefore we have started to investigate using Garrison Ultra.