Frankfurt Digital Finance gathers key participants in the European digital finance ecosystem with more than 60 speakers and 600 attendees.
Hacknowledge was invited as an official speaker for the Cybersecurity Panel.
The key topics were:
1. Protect sensitive financial data & ensure operational/cyber-resilience
2. Managing 3rd party risk
3. Keep up to date with changing regulation

The main speakers for the cybersecurity panel were:
- Derk Fischer, Partner at PWC Germany.
- Miriam Sinn, Head of TIBER Cyber Team of German Federal Bank.
- Patrick Mkhael, Senior Cyber security engineer at Hacknowledge.
- Christina Flörsch, Senior Project Manager at Commerzbank AG.
- Natallia Karniyevich, Senior Associate at Bird & Bird LLP.
An introduction to the DORA and TIBER regulations was given from regulatory, theoretical, and technical perspectives.
DORA, the Digital Operational Resilience Act, solves an important problem in EU financial regulation. Before DORA, financial institutions managed the main categories of operational risk mainly with the allocation of capital, but they did not manage all components of operational resilience. After DORA, they must also follow rules for the protection, detection, containment, recovery, and repair capabilities against ICT-related incidents.
TIBER, or TIBER-EU, is the European framework for threat intelligence-based ethical red-teaming. It is the first EU-wide guide on how authorities, entities, and threat intelligence and red-team providers should work together to test and improve the cyber resilience of entities by carrying out a controlled cyberattack.
Hacknowledge's cybersecurity specialist explained the importance of detection and response in enhancing and maintaining the security posture of companies in the financial sector when facing the latest threats, as well as the best practices for both areas from a technical perspective.
For the detection part, Patrick suggested always being proactive and using an offensive approach to enrich detection, because “attack is the best form of defense”, and, if possible, integrating machine learning to detect unknown behaviors.
For the response part, he suggested keeping the digital forensics and incident response procedures up to date and regularly testing the incident response plan, especially the recovery part.
At the end, the speakers agreed on the importance of financial institutions continuously testing and enhancing their security posture, because of the criticality of this sector and because it is always targeted by the most sophisticated attacks.