I’m away today so there won’t be a news summary or my usual interview with a guest about the headlines.
Instead there’s a discussion between Jim Love, IT World Canada’s CIO and Adam Evans, chief information security officer of Royal Bank of Canada.
(Incidentally, on Monday, September 18th I’m moderating a panel discussion on ransomware at the SWIFT financial network’s SIBOS annual conference in Toronto where Adam is one of the panelists.)
This is a partial transcript of what Adam told Jim. To hear the full conversation play the podcast:
Adam Evans: The question I get asked pretty frequently is what keeps me up at night? People assume that we don’t want to get breached or we don’t want to get hacked and it’s a bad day in the life of a CISO when your organization gets compromised or your clients are impacted. But I think we’ve done a very, very good job at building out a capability, a program, and a strategy to protect the financial institution like RBC.
So I’m less concerned about that and more concerned about the proliferation of technology, the speed of adoption of that technology and how it’s being consumed … Where we are now is a time where new technologies are being released and immediately being consumed. Ten years ago, that wasn’t the case. It was always a two or a three-year adoption time before they really hit critical mass. But now it almost seems like it’s immediate: A new service, a new application, a new social media platform. They come out
and people want to start consuming them. And my job is to make sure that we enable our business and figure out ways to continue to serve the client in a safe and secure way. But the more technology you start to adopt and consume, the threat surface continues to grow. It’s not unique to businesses; that’s [the same for] individuals as well. The more technologies we consume, the more things we do online, the threat surface continues to grow. So that’s the thing that keeps me up at night is not recognizing that there is a tremendous amount of opportunity in consuming technology. It’ss just doing it in the right way, the most safe and secure way that you can. And it’s not always obvious what that is.