Odyssey’s customer IBG gives enlightening interview on outsourcing their cybersecurityMarch 13, 2019
Dr Apostolos Kritikopoulos
“Odyssey has earned our trust in cybersecurity and risk management services”
In an interview, Dr Apostolos Kritikopoulos, CIO of the Investment Bank of Greece, highlights the contemporary needs of a banking organization regarding cybersecurity, pointing out the benefits resulting from Odyssey’s SIEM and Managed Security Services, while stressing the fact that outsourcing cybersecurity services has now become the ideal solution.
What are the needs of an organization in the banking sector on a cybersecurity level?
Organizations in the banking sector traditionally constitute a prime target for cybercrime due to the nature of their operations, and because a successful cyberattack in this field can bring large financial gains to cybercriminals. For this reason, as well as the fact that banking organizations handle sensitive personal information, they are obligated to maintain the highest cybersecurity measures and to comply with relevant regulatory frameworks. They must also always be vigilant against new and emerging cyber-threats, and to adapt their security measures so as to be proactive rather than reactive.
Have you had SIEM and Managed Security solutions in the past? What is the difference with Odyssey?
Before we decided to partner with Odyssey for our cybersecurity needs, we had other SIEM and Managed Security Services solutions through outsourcing by another provider. The main difference between previous partners and Odyssey is that Odyssey’s solutions are more targeted to the individual needs of our organization as well as our sector in general. Moreover, Odyssey specializes exclusively in cybersecurity and has shown to have a well-rounded and holistic approach to it.
What made you choose Odyssey’s ClearSkies™ as well as Managed Security Services?
We were seeking a partner who could prove to us that it could understand our individual needs in cybersecurity and compliance. Odyssey accomplished just that! Initially, it convinced us practically that it understands the special circumstances of our organization as well as the challenges we face. What differentiates Odyssey is the direct contact we have with the professionals who constitute it. Their well-rounded and comprehensive knowledge, as well as their specialization and experience in the field are evident, and they contribute greatly to building trust, which is the most important factor in risk management. Also, the efficiency and power of ClearSkies™, as well as Odyssey’s Managed Security Services, are provided by world-class professionals who prove to as daily that we can rest assured knowing that our cybersecurity is in good hands. Finally, Odyssey’s ClearSkies™ and Managed security licensing models are exceptionally flexible and this gives us the capability to adapt those solutions to our needs, something that is very important to us.
How important is flexibility and adaptability when it comes to cybersecurity services?
Extremely important! The solutions that we acquired from Odyssey are provided with flexibility and they can adapt depending on the needs, size, complexity, sector and geographical dispersion of each organization. Odyssey’s people have demonstrated a deep understanding of the individualities of our organization and they heeded our special needs so that they could design the ideal solutions that are directed specifically to us. Odyssey’s services are scalable, and they can easily and quickly adapt to our constantly-changing needs.
In which way have Odyssey’s Managed Security Services helped you with regards to managing risk in your organization?
Most importantly, we can have peace of mind! Specifically, beyond 24/7 monitoring, Odyssey’s services provide us with timely detection of cyber-threats through a unique combination of Advanced Security Analytics models, Threat Intelligence and correlating information in the context of the risk profile of our organization. We feel that Odyssey’s Security Operations Centers (SOCs) function seamlessly as an extension of our own security operations, and they cover our gaps, thus mitigating cyber risk even more.
How quickly did you receive the first results, and what do you consider to be the total benefit from such a solution?
It took approximately 4 weeks. Compared to experiences we had in the past, this period was minimal. The time required for a security solution of this type to yield the first results is critical because during that phase the organization is in a more vulnerable state and the total risk is higher. The fact that the installation of the ClearSkies™ Big Data Advanced Security Analytics Platform began delivering results in only 2-4 weeks says a lot about the flexibility and the capabilities of this solution.
How did the solution help you with legal and/or regulatory compliance frameworks, such as PCI, ISO 27001 and GDPR?
Odyssey™ is ISO 27001 certified and has been accredited by the Payment Card Industry Security Standards Council (PCI SSC) as a Qualified Security Assessor (QSA) and an Approved Scanning Vendor (ASV), something that signifies its commitment to providing high quality services to its customers. For the banking sector it’s especially important that ClearSkies™ makes it easy to effectively comply with regulatory frameworks such as SWIFT, FISMA and GDPR, something that assures us when it comes to cybersecurity compliance, and it allows us to focus on our specialization in investment banking.
What do you think of some organizations having reservations over outsourcing their cybersecurity?
Despite outsourcing cybersecurity services being the ideal solution when it comes to minimizing costs and maximizing results, many organizations are still reluctant to partner with a provider of such services, mainly due to confidentiality concerns. In the eyes of the customers, few providers have proven worthy of that level of trust through the consistency and the quality of their work. With regards to these criteria, Odyssey has so far earned our trust. We are reassured daily through the direct contact that we maintain with its members who update us on the current security level of our organization in the ever-changing cyber-threat landscape.