Banks, security, and an evolving threat landscape

Upcoming Black Hat MEA speaker Zechariah Akinpelu (CISO at Unity Bank) is a multi-award winning cybersecurity exec, with experience across a wide range of security operations and specialities – from governance and incident management, to threat hunting and cloud security. He pioneered the information security unit of Enterprise Bank (now Heritage Bank), and led the security organisation of Interswitch – the biggest digital payment company in Sub-Saharan Africa.

We asked Akinpelu about the challenges and pressures of leading cybersecurity for a bank. Complex organisations require cybersecurity professionals who are dedicated to continuous learning and development; because the threat landscape is never static.

Could you briefly share your career journey so far?

“I started as a software developer for a software company, where I had the opportunity to develop various software ranges for EdTech, various payment platforms and human resources. My passion for excellence and quality made me learn more about secure coding to ensure that my applications couldn’t be easily hacked by malicious threat actors.

“I started advocating for security and ensuring that all our apps were in line with security best practices. I was soon saddled with the responsibility of quality assurance and security engineering of all our software – before I kickstarted my career as a core cybersecurity professional.”

You have such varied experience, both academically and on-the-job. How has your perspective on cybersecurity changed over the course of your career?

“Before I started my career in cybersecurity, I realised early enough that for me to keep abreast of the latest trends in tech, I’d need to ensure I subjected myself to continuous learning.

“This informed my dedication to continuous development. I believe so much in learning, relearning and unlearning whenever the need arises. As cyber threats have become more prevalent and sophisticated, I recognised the need to prioritise cybersecurity measures to protect sensitive information and digital assets – which can be achieved by constant learning.

“The evolution in technology has also given rise to an evolving threat landscape, so I need to stay up to date to combat emerging risks.”

What are the pressures and challenges of leading cybersecurity for a bank?

“Leading cybersecurity for a bank is quite challenging due to the critical nature of the organisation. The potential impact of a successful exploitation on a bank can be huge – it can result in financial losses, reputational damage, legal consequences, and erosion of customer trust if not properly managed.

“I need to:

• Keep abreast of the evolving threat landscape; such as advanced persistent threat (ATP), malware, and social engineering. I need to stay updated on emerging threats in order to develop cyber-resilient strategies to improve the bank’s cybersecurity posture.
• Constantly abide by the various regulatory compliance codes such as the Payment Card Industry Data Security Standard (PCI DSS) and General Data Privacy Regulation (GDPR) – because banks are heavily regulated.
• Handle insider threats such as disgruntled employees and malicious insiders. They pose a great cyber threat to banks because these sets of individuals understand the systems and various security controls put in place, and know how to circumvent these controls if adequate visibilities are not in place.
• Manage the security risks associated with third-party relationships – because banks always rely on third party vendors and partners.”

What's one thing you wish everyone knew about cybersecurity?

“Cybersecurity is everybody’s responsibility. I believe so much that if we all embrace this idea, then individuals can proactively contribute to a safer digital environment for themselves, their communities, and their organisations.”

Finally, what are you looking forward to at Black Hat MEA?

“I’m looking forward to meeting cybersecurity experts from various parts of the word, sharing thoughts and experiences and learning new insights about the cyber threat landscape – so I come back with actionable measures to improve on my organisation's security posture.”

Thanks to Zechariah O. Akinpelu at Unity Bank. Want to learn more? Register now to attend Black Hat MEA 2023.