From The Desk Of CISO

From The Desk Of CISO

Awais Ejaz
GROUP HEAD

Information Security &
Governance at Allied Bank Ltd

My name is Awais Ejaz and I am working as a Group Head Information Security & Governance at Allied Bank Ltd.

I am looking after Governance, Risk and Compliance pertaining to Information security requirements of the bank. Design, Development and Security Operations of the bank are also important areas of my job responsibility.

I am an active member of the PBA (Pakistan Bank’s Association) – Cybersecurity forum and also member of different Information Security Groups. Previously at ABL, I was heading the Networks & Communications division and was responsible for the overall design, architecture and operations of the Network Infrastructure.

I started my career from SYSNET Pakistan as a Network Engineer looking after the network deployments at HBL and PTCL. Later I joined Cyber Internet Services, an ISP and a DNOP (Data Network Operator) and was responsible for the Network Operations of the Central Punjab region. I was responsible for setting up WARID’s Enterprise data network and security architecture & design. During my stay at Cybernet I was involved in various projects for Network deployments and integrations with Mobilink, Total Parco, Pepsi, Unilever, Coke, Soneri bank, Saudi Pak etc.

Question & Answer

As you are aware that cyber threats are everywhere in the world and nobody or organization is safe, what is your opinion in this regard?

Cyber threats are everywhere and are rapidly increasing around the globe. The cost of cyber crimes has increased to 6 trillion dollars annually making cyber crimes as the world’s 3rd largest economy after US and China. The digital transformation around the globe has added to this surge in the cyber crimes. If you look at the global threat landscape, following are the biggest cyber security challenges in 2022:

1- Supply chain attacks are on the rise
2- The cyber pandemic continues
3- Cloud services are a primary target
4- Ransomware attacks are on the rise
5- Mobile devices introduce new security risks
6- The next biggest threats would be arising from the IOTs (Internet of things)

Who can be involved in a cyberattack, if we would like to know your enemies & why is it necessary to protect from cyber threats?

In the murky moral universe of hackers, the line between good and evil intentions is often blurred. But the more we understand about the different types of hackers, their motives and their tactics, the better we can prepare for and prevent future attacks. It’s true that some hackers are motivated by ethical or activist considerations, while Nation-state backed hacking campaigns on the other hand, aren’t motivated by profit. They operate legally in their countries of origin; their purpose is to protect national security interests (including espionage and the propagation of fake news). As such they’re often resourced directly by governments. But let’s be clear: cyber crime is a vast, multi-billion-dollar industry and businesses need to get a firm grasp on it if they have any hope of preventing future attacks.

Without an effective cybersecurity program, your organization cannot defend itself against data breach campaigns, which makes it an irresistible target for cyber criminal. A lack of focus on cybersecurity can damage your business in a range of ways including:

Economic Costs

Theft of intellectual property, corporate information, disruption in trading and the cost of repairing damaged systems

Reputational Cost

Loss of consumer trust, loss of current and future customers to competitors

Regulatory Costs

GDPR and other data breach laws mean that your organization could suffer from regulatory fines or sanctions as a result of cyber crimes.

What cybersecurity measures have you introduced and implemented in your company?