–> This is a pre-event interview in the run-up to the Leaders in Finance Cyber Security Event on 25 May 2023
Jeroen: Thank you for taking the time to talk to Leaders in Finance. Could you please introduce yourself?
Mimoent: My name is Mimoent Haddouti. I am currently holding the position of Head of Chapter Security & In Control and the role of Chief Information Security Officer of Rabobank with a wide range of responsibilities related to global cyber security, business continuity, and enabling the risk management within Rabobank’s largest domain Innovation and Technology. In addition, it is important for me to contribute to creating equal opportunities in society. As one of the founders of the Power4Talent foundation, I am actively involved and committed to reducing the distance to the labour market for MBO students (secondary vocational education). Besides that, I am active as a member of the Cultural Advisory Board of the University of Amsterdam and the Advisory Board of ECP | Information Society Platform. Furthermore as a member of the Waterweg Wonen, MBO Rijnland, Kleurrijk Rabo, WiGo4IT commissions, as well as the HackShield advisory board.
Jeroen: It is probably hard to summarize, but if you would try, what do you like so much and what is so interesting about your current role?
Mimoent: First of all, it is an important topic for our organization and our customers: it is a key priority to keep our clients and organization safe and resilient. Cyber Security ticks all the boxes in the land of opportunities. It is key in the journey towards a digitized world and still a CEO’s top 1 priority. There are opportunities to help make people (governance), process and technology come together in the right balance between risk and return. There are opportunities for example on Cyber Security vision and strategies, in security governance and organizational setup, in balancing risk and return, and helping organizations to mature, to become more resilient and sustainable, and ready for the future. So that is what makes working in this field so interesting. Moreover, I like the dynamic of working within this part of the organisation, which varies from long term projects and implementations to crisis management, in which you have to act fast. It requires a broad view, overseeing global impact and trends and translating those to us as an organization. In doing so, you meet all layers of the organization, so I work with a variance of people. Lastly, I like that Cyber Security is a topic where we do not compete with our peers, internally and externally. Cyber Security is a team effort, which requires (internal and external) communities, networks and partnerships to combine forces as necessary.
Jeroen: What do you see as the biggest challenges at the moment with regards to Cyber Security related to the stability of Financial Services Institutions themselves?
Mimoent: Firstly, it is a central and key element to create and maintain trust for the transition towards a digitized world, in which many things are blurry and challenges and difficulties are hard to understand. This specifically applies to the financial sector, which is built on trust: trust in keeping information, data and our money safe. Secondly, the regulatory pressure continues to build with developments like DORA, KYC, EBA on outsourcing, NIST2 and coming ransomware legislation. This demands new approaches in risk management, including privacy and cyber security. An important skill in this, which is in need of refinement, is balancing cost and return. Lastly, especially in sectors like IT, Cyber Security and Risk Management, there is a shortage of skilled personnel. Nowadays, more effort is required to attract and retain staff in this competitive labour market. And just keeping staff happy is probably not enough, additional solutions like automation and outsourcing will be required too.
Jeroen: And what do you see as the biggest challenges at the moment with regards to Cyber Security related to society at large?
Mimoent: Cybercrime is evolving rapidly, attackers are becoming more professional and have the resources to plan and wait for the right time to strike. Organized cybercrime globally is a major threat. Criminals are still choosing the path of the least resistance, and will attack companies who are either connected to the internet via vulnerable software, or who are vulnerable through social engineering, which can be used by methods such as phishing. To financials, the main top threat remains digital extortion, and as the initial access market is booming, more companies will receive ransom demands. Another challenge is that in this connected world, we also need to ensure that our supply chain remains secure. Many institutions, financials including, are increasingly dependent on software and services from third parties. A cyber attack affecting such third parties might result in collateral damage for organizations.
Jeroen: What technology are you most concerned about and what technology do you see as most promising?
Mimoent: A lot of investments are made in AI, including for example augmented hacks and deep fakes. Both security researchers and threat actors have demonstrated that the AI bot ChatGPT can be used for nefarious purposes, like writing malicious code and identifying vulnerabilities. As AI tools get better every day, it is expected that the use of AI during cyber attacks will rise this year. For now, the threat of actors using AI to attack in new ways still remains low. And it is also a promising technology, but as I have illustrated it is a concerning development as well. It is unpredictable, and not enough people are aware of its potential consequences. For example, the barrier is very low for people to use a tool like ChatGPT or Google Translate for their working, not thinking about the risk of leaking personal data.
Jeroen: Do you have a tip or tips for starters in the Cyber Security field?
Mimoent: Being a little paranoid could be useful in this field. Do not underestimate the important role of people: in the end, we as people are the solution and as a society we have to combine our forces. Stay curious on all the developments and keep enjoying the interesting and important field you are working in.
–> This is a pre-event interview in the run-up to the Leaders in Finance Cyber Security Event on 25 May 2023