07/17/2018

The Industry’s Cybersecurity Condition Weighed by Panel

The state of cybersecurity at financial institutions was the focus of a panel moderated by Mike Alles, U.S. Head of Retail Sales, FIS, at the 2018 AFT Spring Summit at California’s Ojai Valley Inn.

The panel, which included John Carlson, Chief of Staff, Financial Services Information Sharing and Analysis Center; Sebastian Fazziano, managing Director & Head of Sales, Gladiator & Financial Crimes Solutions from ProfitStars; Paul Hugenberg III, Founder/President/CEO InfoGPS; and Rob Johnston, SVP, Head of Operations, FIS; discussed several critical issues in the industry including preparedness strategies, data breach notifications, and data management and governance.

“It is getting more complicated,” FS-ISAC’s Carlson said. He summed up the current condition as including increasing dependence on the digital economy and third parties, significant issues related to cyber-hygiene, improved information sharing, increasing reputation risk challenges and the development of new protective capabilities.

“The average tenure for a CISO is 17 months,” Johnston explained. “That probably tells you something about the state of the industry.” He added “It is worse than you think, and it is going to get worse.”

Fazziano noted cybersecurity threats are “pervasive, unrelenting, and costly.” Part of the problem is the industry is not retiring systems faster than it is creating new ones. “Ultimately we have a much larger attack surface that exists today.” Taking systems offline for maintenance or finding time to patch is still a big problem in banking today.

In the community banking space there is also tremendous pride in running the bank. However, “the technologies we are trying to protect ourselves against today are so advanced and fast that it really behooves us to fix the problem of cybersecurity, and get the knowledge and governance inside our organizations,” Hugenberg suggested.

Among the other topics covered were new trends (“IoT risk have started to tangibly put in place areas where machines can do things they did not used to be able to do,” Hugenberg); data (“How is that being protected?” Fazziano); outsourcing (“Smaller FIs want to be able to compete,” Johnston); and breaches (“We are constantly being shaped by some major events occurring in our industry,” Carlson).