How to Have Strong Cybersecurity and High Productivity: Q&A with Akash Kilaru

Akash Kilaru

By Ken Dare

June 2024

When hackers stole $101 million from the Central Bank of Bangladesh in 2016 by targeting SWIFT, the world’s most popular electronic payment messaging system, it sent shockwaves throughout the financial services industry. Suddenly, it was clear that a cyberattack could destroy a financial institution and threaten the very stability of the global financial system. Now, eight years after that attack, cyber risks for financial services companies are greater than ever. As a result, fintech companies find themselves in a difficult position where they must balance maintaining a high level of cybersecurity with delivering increased productivity and performance.

Financial services organizations consistently make decisions that can positively impact one side of the security-productivity paradigm while negatively affecting the other. Lean too far to the productivity side, and the risk of data loss, downtime, and reputation damage increases. Lean too far to the security side, and performance suffers. In this Q&A, Akash Kilaru, who is a vice president of a leading bank, has more than a decade of experience in all phases of technical project lifecycle management and is experienced in spearheading the integration of security measures into the development process, addresses today’s key technology security challenges that most frequently impact workplace productivity and performance. Kilaru offers insight into how financial services companies can best address cybersecurity issues now and in the future.

Q: What is the current cybersecurity risk for financial services companies?

Kilaru: In a word, it’s “high.” Data breaches in the U.S. financial services industry totaled 744 in 2023—significantly more than the 138 incidents reported in 2020, according to Statista. The research company also stated the financial sector is currently the second-most targeted industry for cybersecurity incidents that result in data compromise. Ransomware attacks on financial services companies are also increasing. Sentinel One, a cybersecurity firm, reports that 64 percent of financial services companies were targets of ransomware attacks in 2023, nearly double the 34 percent targeted in 2021.

Q: What is driving the increasing cyberattack risk in the financial services industry?

Kilaru: There are several factors that are driving the increase in cybercrimes. Some of the key issues include the digital transformation trend that is sweeping the industry, increased demand for online financial services, and more knowledgeable and skilled hackers. Other factors include supply chain vulnerabilities, emerging technologies, insider threats, and remote work. That said, most financial services companies have instituted some security measures in response to the intensifying attacks. Unfortunately, many are perceived as time-consuming, workflow-disrupting, and productivity-decreasing.

Q: What are the five most common challenges to address when balancing cybersecurity and productivity?

Kilaru: With the mounting complexity of cyberthreats, safeguarding the security of digital assets and sensitive information is a primary concern of financial service company leaders. It’s critical for these leaders to weigh the potential benefits of implementing new cybersecurity measures with the possible negative impacts on productivity. As I see it, five common challenges need to be addressed for businesses to achieve a healthy balance between strong cybersecurity and high productivity:

The first challenge is security software implementation. Far too often, the installation and maintenance of security software decreases productivity by producing slower response times, file access delays, and temporary system disruptions.

Next, we have false positives. One of the most common negatives accompanying new security solutions is false positives or alerts that suggest there is a threat when there one doesn’t exist. Investigating them takes valuable time and resources and diverts attention from other critical tasks, thus adversely impacting productivity.

The third challenge is user authentication. Multi-factor authentication and complex password policies can delay staff access to systems and applications and reduce productivity.

The fourth challenge is operational disruption. While operational disruptions due to cyberattacks don’t receive the attention data breaches receive, they can still be highly damaging to a company’s productivity and result in significant lost revenue.

Finally, development security is a common hurdle for companies. Implementation of additional security measures in the software development process can extend the time needed for code deployment and slow the development cycle.

Q: Considering these challenges, what steps can financial services companies take to maintain the balance between cybersecurity and productivity?

Kilaru: One of the biggest keys to maintaining cybersecurity strength and high productivity is installing the right security platform. Financial services companies need a platform with advanced security controls, such as event monitoring, field audit trails to track user activity and critical data changes, and platform encryption for sensitive fields when data is at rest and in transit. The platform should also provide continuous monitoring and auditing and automated security checks directly in the release pipeline to avoid intermittent slowdowns and insufficient coverage from periodic monitoring and audits.

Another solution is to ensure strong collaboration between security and development teams. These two teams need to work closely to identify potential risks associated with new features or changes and then plan mitigation strategies. The goal is to embed security checks into the continuous integration and continuous delivery (CI/CD) pipeline. When security is integral to the development process, companies can ensure that every release adheres to established security standards. In addition, it is crucial that security staffers collaborate with IT personnel to develop incident response plans that guarantee rapid, effective responses to security incidents. Effective collaboration begins with clear communication and regular discussions with the different teams’ stakeholders, so everyone is on the same page regarding security objectives, concerns, and priorities.

Q: Are there other strategies you recommend for financial services companies seeking to meet security-productivity challenges?

Kilaru: One important area that can’t be ignored is proper planning. Proactive planning that involves relevant departments allows companies to incorporate security considerations into the planning phase rather than addressing them as an afterthought and to consider the security measures’ possible effects on productivity to maintain the best balance between the two.

Companies also need to take a careful look at their multi-factor authentication systems. It’s essential to take time to select MFA mechanisms that are strong but not overly complex. The authentication mechanisms should suit the company’s environment and reflect human behavior, so employees don’t get frustrated by a login process that takes too long.

It’s also essential to perform consistent compliance checks. To ensure ongoing compliance with data protection laws, internal policies, and industry regulations, companies need to build checks into the development process. Failure to do this can result in delays and implementing solutions that negatively impact productivity.

In addition, organizations need to set up automated software releases. Good automation tools utilized during deployment benefit security and productivity by reducing human error.

Also, companies should support the ongoing education and training of their security teams. When personnel are committed to staying current on the latest security releases, patches, and updates, they help companies maximize productivity by leveraging the latest and best technologies.

Speaking of the latest and greatest, it’s also essential to address the unique security challenges posed by emerging technologies, such as the Internet of Things (IoT) and cloud computing. This means evaluating potential vulnerabilities, understanding data flow, identifying possible points of compromise, and creating well-defined response plans for minimal downtime if something goes wrong.

Q: Why should financial services companies focus on and address these challenges immediately?

Kilaru: Companies can’t afford to lose sight of just how destructive a cyberattack can be. Cybercrime Magazine reported that 60 percent of small companies go out of business within six months of suffering a major cyberattack and that the average cost of a data breach for larger companies is $3.62 million. Due to consequences like these, cybersecurity can’t take a backseat to productivity. To ensure cybersecurity remains a priority, it’s imperative that companies emphasize cybersecurity training for employees. They also should invest in state-of-the-art collaboration tools that allow employees to work together to protect critical company data. Training sessions for non-technical team members can focus on basic cybersecurity principles, recognizing phishing attempts, and understanding the importance of secure practices in daily work.

Q: In your experience, what is essential for mitigating cybersecurity risks while promoting productivity and more efficient performance in a company?

Kilaru: Good communication is critical. Too often, departments operate in silos and address issues from only their perspective. This can lead to negative impacts in other areas of the company. It is essential for stakeholders to have frequent discussions to ensure everyone understands the security concerns and objectives and their possible impact on productivity. When talking to non-technical stakeholders, avoid technical language, focus on business risks and objectives, stress how cybersecurity contributes to the company’s mission, and highlight the potential business impact of security incidents.

Q: Do you have any other crucial tips for financial services companies?

Kilaru: Yes, it is also critical for organizational leaders to stay abreast of present-day and future challenges. Financial services organizations may face several trends and potential challenges in the future, including cloud security, advanced cyberthreats, digital transformation risks, remote work security, and artificial intelligence and machine learning threats. It’s vital that leaders understand and recognize the importance of how these challenges can impact the overall success of the company.

It’s time for financial services companies to be proactive

It’s better to be proactive than reactive when dealing with technological advances and security, especially in the financial services sector. Companies that stay on top of the newest technologies and threats and have a strategic plan are better positioned to keep data safe and maintain high productivity. Forward-looking companies understand that when implemented properly, strong cybersecurity can boost productivity through reduced downtime, more secure remote work, and decreased disruptions from security concerns.

About the Author:

Ken Dare is a freelance writer with over 20 years of experience covering financial news and business topics, including financial services, artificial intelligence, and change management. For more information, contact [email protected].