Fredrik Simonsson, Co-Founder of Expisoft: “Financial companies that have a handle on their cybersecurity will have a competitive advantage going forward”

In today's digital world, cybersecurity is a critical concern for businesses, not least within the finance and venture capital industries. With the increasing frequency and complexity of cyber attacks, companies must take proactive measures to protect their sensitive information, financial assets, and reputation. One way to do that is to work with companies like Expisoft.

Expisoft is a leading Swedish software development company with extensive experience in creating cutting-edge products and solutions in the field of IT security. Alongside their expertise in this area, Expisoft also works closely with military and government agencies to provide tailored solutions that meet the unique needs of these organizations. Fredrik Simonsson is co-founder of Expisoft and knows what companies should think about when it comes to cybersecurity.

– Cybersecurity is a growing matter for all industries, not least for venture capitalists. They have a lot of sensitive information to protect and face different threats than other businesses. If their data is breached, it could be very expensive and damaging. That's why Venture Capitalists need to focus on cybersecurity and take steps to keep their investments and data safe, Fredrik says and continues:

– Fraud and ransomware attacks are currently the biggest cybersecurity threats facing the finance industry. And these risks are only expected to grow as the economic landscape continues to get tougher.

Tools for improving cybersecurity

In 2022, the European Commission published the Digital Operational Resilience Act, also known as DORA, which aims to strengthen the EU financial sector's ability to withstand cyber threats and maintain the stability and integrity of financial markets.

For companies in the financial sector, this means implementing strong cybersecurity measures that meet the specific requirements of DORA.

– ISO 27000 and CIS controls are helpful tools for cybersecurity. Using these tools can show that a company has control over its cybersecurity and raise awareness about potential weaknesses in its procedures. By undergoing a CIS control or ISO assessment, companies can identify and fix any vulnerabilities in their system, making it more secure and reliable for everyone involved, Fredrik explains.

Part of the DORA regulation is to perform penetration tests. However, according to Fredrik, these penetration tests are meaningless if companies don't have their processes, routines, and internal systems in order.

– The consequences if companies won’t follow these regulations are that clients no longer want to do business with you. And financial institutions are societal important functions, so it is extremely important that companies have this in order. The regulations around cybersecurity will only continue to increase, not only within the financial sector but in all sectors, nationally and internationally, warns Fredrik.

The importance of identity management

As part of the DORA framework, companies will have to report cyber incidents using a special reporting portal. However, in order to do that, they need to have a clear overview of their cybersecurity. A key aspect, to begin with, is keeping track of identities, which is vital for strong cybersecurity practices, particularly in the finance industry.

– If you don't have control over your identities, you don't have control over anything. So always start by making sure the identities of the people you interact with are correct. One way to do this is with two-factor authentication, Fredrik explains and continues:

– At Expisoft, we suggest minimizing the use of passwords whenever you can. You should instead use multi factor authentication based on a physical token, a smart card or a Yubikey. If you do have to use passwords, we recommend making them stronger by adding a one-time password, (OTP code).

Building trust with clients

Fredrik believes that the cybersecurity industry offers big opportunities, particularly in the financial sector. As the world becomes more connected, the need for cybersecurity will only continue to grow and provide endless possibilities. By focusing on cybersecurity, companies can build trust with clients and improve their reputation in the industry.

– Financial companies that have a handle on their cybersecurity will have a competitive advantage going forward. In addition to gaining control and order, it provides them with a competitive edge and gives their clients peace of mind.

So, what do you consider to be the most important measures to ensure cybersecurity in the financial sector?

– It's important to make cybersecurity a priority and incorporate it into everyday practices, even if it's not the main focus of a business. This means leaders within the organization need to show that cybersecurity is a key issue. For hands-on support, companies like Expisoft can offer expert advice, resources, and technology to keep businesses up-to-date on the latest cybersecurity practices.