QNB has put in place a robust and dynamic long-term cybersecurity framework using the latest available technologies, including AI or artificial intelligence, which will play a greater role in future, according to a top official of the bank’s cyber security wing.
“We ensure that the AI security controls need to be ready for the next five years starting from now so that when any technologies come around AI, we are ready for it because it’s already in our pipeline,” Reem al-Naimi, Head of Cyber Security Strategy and Product Management, QNB, told Gulf Times on the sidelines of Web Summit, which is currently taking place here.
“AI will play a huge role when it comes to cybersecurity,” she said, adding all security tools with AI will have advanced technologies and algorithm that would be faster to protect any upcoming threats with AI embedded.
She made this point to a question how the bank was coping with the threats that are evolving fast and unpredictable.
QNB maintains a secure and resilient operating environment, supported by robust systems designed to safeguard against cyber threats. Its comprehensive security framework ensures that customer data remains private and secure, while IT (information technology) infrastructure is secure and resilient.
QNB has established a comprehensive security operating model that defines clear governance structures to effectively manage all cybersecurity related risks. The bank continuously invests in advanced technologies to detect, prevent, and defend against evolving cyber threats.
Asked how the bank’s cybersecurity strategies are aligned with its business objectives; she said “when you start establishing a strategy for cyber security, you don’t review what the current requirements are; rather we look at it with long term perspective.”
QNB’s cybersecurity policies and procedures are regularly reviewed and updated to ensure alignment with applicable regulatory requirements, industry best practices, and recognised frameworks such as NIST standards. The NIST Cybersecurity Framework provides a voluntary, flexible, and risk-based framework for organisations of all sizes to manage, reduce, and communicate cybersecurity risks. Highlighting that the monetisation is the new trend that is being discussed not only in Qatar but also globally; al-Naimi said “we are supporting and we are establishing the strategy based on it.”
Asked to what extent the security level of the bank (from IT point of view) has gone up; she said at present, QNB has built security controls with the current infrastructure that have the flexibility to scale up in the future.
“If the bank wants to adapt the cloud, which we are adapting right now, the security controls are already in place,” she said, adding the cloud security is already in place when it comes to data encryption. Highlighting that most daily challenges that the clients face globally are the phishing attacks; she said when attackers start to adapt the AI into their threat threshold, the banks also use AI in their arsenal to counter it.
To a query on how the bank, which has operations in multi jurisdictions, respond to the evolving threats; al-Naimi said the cyber security protocols and controls are established, according to the global standards of framework similar to NIST, ISO, PCI DSS (Payment Card Industry Data Security Standard) to comply with.
“When there is a new technology that will be introduced in the same infrastructure, we have already the basic security controls in place,” she said.
Asked how QNB assess the effectiveness of its cybersecurity; she said the bank has been conducting from time to time the phishing simulation to assess the readiness from the staff.
“We leverage advanced technologies, enforce robust security policies, provide mandatory staff training, and conduct independent assessments to ensure continuous protection of QNB systems and customer information,” according to QNB.
