Fredrik Simonsson, Co-Founder of Expisoft: “Financial companies that have a handle on their cybersecurity will have a competitive advantage going forward”
20 April, 2023
Cyber attacks are a major risk to businesses, particularly in the finance and venture capital sectors with certain cybersecurity threats facing the finance industry. Fredrik Simonsson, co-founder of Expisoft, discusses the need for proactive measures to protect sensitive information and financial assets, and what upcoming regulations might mean for the financial industry in the near future.
In today's digital world, cybersecurity is a critical concern for businesses, not least within the finance and venture capital industries. With the increasing frequency and complexity of cyber attacks, companies must take proactive measures to protect their sensitive information, financial assets, and reputation. One way to do that is to work with companies like Expisoft.
Expisoft is a leading Swedish software development company with extensive experience in creating cutting-edge products and solutions in the field of IT security. Alongside their expertise in this area, Expisoft also works closely with military and government agencies to provide tailored solutions that meet the unique needs of these organizations. Fredrik Simonsson is co-founder of Expisoft and knows what companies should think about when it comes to cybersecurity.
– Cybersecurity is a growing matter for all industries, not least for venture capitalists. They have a lot of sensitive information to protect and face different threats than other businesses. If their data is breached, it could be very expensive and damaging. That's why Venture Capitalists need to focus on cybersecurity and take steps to keep their investments and data safe, Fredrik says and continues:
– Fraud and ransomware attacks are currently the biggest cybersecurity threats facing the finance industry. And these risks are only expected to grow as the economic landscape continues to get tougher.
Tools for improving cybersecurity
In 2022, the European Commission published the Digital Operational Resilience Act, also known as DORA, which aims to strengthen the EU financial sector's ability to withstand cyber threats and maintain the stability and integrity of financial markets.
For companies in the financial sector, this means implementing strong cybersecurity measures that meet the specific requirements of DORA.
– ISO 27000 and CIS controls are helpful tools for cybersecurity. Using these tools can show that a company has control over its cybersecurity and raise awareness about potential weaknesses in its procedures. By undergoing a CIS control or ISO assessment, companies can identify and fix any vulnerabilities in their system, making it more secure and reliable for everyone involved, Fredrik explains.
Part of the DORA regulation is to perform penetration tests. However, according to Fredrik, these penetration tests are meaningless if companies don't have their processes, routines, and internal systems in order.
– The consequences if companies won’t follow these regulations are that clients no longer want to do business with you. And financial institutions are societal important functions, so it is extremely important that companies have this in order. The regulations around cybersecurity will only continue to increase, not only within the financial sector but in all sectors, nationally and internationally, warns Fredrik.
The importance of identity management
As part of the DORA framework, companies will have to report cyber incidents using a special reporting portal. However, in order to do that, they need to have a clear overview of their cybersecurity. A key aspect, to begin with, is keeping track of identities, which is vital for strong cybersecurity practices, particularly in the finance industry.
– If you don't have control over your identities, you don't have control over anything. So always start by making sure the identities of the people you interact with are correct. One way to do this is with two-factor authentication, Fredrik explains and continues:
– At Expisoft, we suggest minimizing the use of passwords whenever you can. You should instead use multi factor authentication based on a physical token, a smart card or a Yubikey. If you do have to use passwords, we recommend making them stronger by adding a one-time password, (OTP code).
Building trust with clients
Fredrik believes that the cybersecurity industry offers big opportunities, particularly in the financial sector. As the world becomes more connected, the need for cybersecurity will only continue to grow and provide endless possibilities. By focusing on cybersecurity, companies can build trust with clients and improve their reputation in the industry.
– Financial companies that have a handle on their cybersecurity will have a competitive advantage going forward. In addition to gaining control and order, it provides them with a competitive edge and gives their clients peace of mind.
So, what do you consider to be the most important measures to ensure cybersecurity in the financial sector?
– It's important to make cybersecurity a priority and incorporate it into everyday practices, even if it's not the main focus of a business. This means leaders within the organization need to show that cybersecurity is a key issue. For hands-on support, companies like Expisoft can offer expert advice, resources, and technology to keep businesses up-to-date on the latest cybersecurity practices.
Never miss a thing
Subscribe to our newsletter. In Sharpfin Insider we share important updates, interesting articles, release notes and trade secrets. You don't wanna miss it.
Do you want to know more? Send us a message below.
Vasagatan 10, 4tr
111 20 Stockholm