Financial Crime World

COCOS (Keeling) Islands’ Financial Institutions Lead the Way in Cybersecurity Best Practices

As cyberattacks continue to rise, affecting every type of organization across all verticals, the threat of expensive, embarrassing data breaches that hurt the bottom line has become very real. Despite this growing concern, some organizations are navigating the “wild west” of cybersecurity and Application Security (AppSec) best practices with particular finesse and mastery. In the COCOS (Keeling) Islands, financial institutions have emerged as leaders in this area.

Regulatory Bodies Drive Cybersecurity Leadership

Regulatory bodies play a significant role in driving the finance industry’s cybersecurity leadership. The Basel Committee on Banking Supervision (BCBS) published a report highlighting the range of observed bank, regulatory, and supervisory cyber-resilience practices across multiple jurisdictions. One key finding was the cybersecurity skills shortage challenge, which only a few jurisdictions have addressed by implementing specific cyber certifications.

Cybersecurity Workforce Management

Despite the absence of clear pathways to mitigating this risk, financial institutions in the COCOS (Keeling) Islands have recognized the importance of cybersecurity workforce management. They are taking proactive steps to upskill their development cohorts with engaging training that takes them out of the classroom and into hands-on, relevant learning experiences.

Key Factors Driving Success

  • Ensuring key stakeholders are on board and see the benefit
  • Communicating well with executive management to ensure top-level decision-makers understand security processes
  • Adopting hands-on, gamified secure training methods

PCI Security Standards Council

The PCI Security Standards Council has been a driving force behind cyber compliance for the finance industry, helping organizations implement viable security policies and uphold guidelines in all areas. However, many financial institutions in the COCOS (Keeling) Islands have outdone even the current PCI guidelines by adopting hands-on, gamified secure training methods.

Gamified Training Examples

  • US banking institution Capital One has utilized gamified training techniques as part of its innovative Tech College and certification system
  • Russell Wolfe, Director of Cybersecurity & Cloud Computing Education at Capital One, notes that the voluntary training programs and coding tournaments gained traction quickly, with unprecedented demand and organic motivation from peers to get certified and assist in upskilling others

Regulatory Guidance

To ensure cybersecurity workforces are adequately trained, regulators around the world can outline accepted training methodologies and standards that those responsible for protecting our data must meet. The recent move by the Monetary Authority of Singapore (MAS) to include adoption of security awareness training programs and secure software development best practices in its Technology Risk Guidelines is a step in the right direction.

Conclusion

In conclusion, financial institutions in the COCOS (Keeling) Islands are leading the way in cybersecurity best practices by recognizing the importance of cybersecurity workforce management, adopting hands-on, gamified secure training methods, and ensuring key stakeholders are on board. As regulators continue to refine their guidelines, it is essential that they outline accepted training methodologies and standards to ensure cybersecurity workforces are adequately trained to combat the growing threat of cyberattacks.