“You have to think offensively in a different way about how to protect your data.”
At the highly anticipated 2016 Technology Workshop sponsored by Synergent, Keynote Speaker and cybersecurity authority Theresa Payton provided attendees with an engaging and informative presentation well-suited for the day’s theme, “Cybersecurity: A Shared Responsibility.” Over 100 credit union professionals traveled from across New England and from as far away as New York and Mississippi to learn more about the latest tools and procedures for protecting their institutions from cybersecurity threats.
“If all I do today is scare you, I only did half my job,” opened Theresa Payton, President and Owner of Fortalice LLC, a risk, fraud, and security consulting company that works with businesses and government organizations to protect them against cybercrime. “The other part of my goal is to give you some homework assignments, some things to think about doing differently back at the credit unions, back at the office, and to give you some hope that we can actually do something about this.”
Payton’s experience began in the financial industry, where she held numerous executive leadership roles. Following this experience, she was named the first female Chief Information Officer for the White House. She has authored numerous publications on IT strategy and cybersecurity and has been named one of the Top 25 Most Influential People in Security by Security Magazine. She also is the co-founder of Dark Cubed, a cybersecurity products startup based in Alexandria, VA.
“A lot of companies in all industries will say the customer is number one,” stated Payton. “But you are member-owned, so you’ve got a very different relationship and have that sense of community with the members that belong to you. That makes you incredibly special and incredibly important to the financial services industry and the overall health of the industry.”
In her presentation, “Combatting Cybercrime in the Financial Services Industry,” Payton explained that, despite the financial services industry’s investment in cybersecurity, breaches and attacks have not been eliminated.
“All technology by today is open,” stressed Payton. “You would be upset if that smartphone you bought, that tablet that you bought, the computer that you bought, that really expensive technology, if you could not update it, you’d be upset because you spent a lot of money on it. By design, it has an open design so you can download the latest app really quickly, update the operating system, do security patches. By that design, because it is open to be updated, it is open to be hacked, no matter what we do.”
Payton highlighted that it is imperative that credit unions strike a balance between creating a safe and secure environment that keeps fraudsters out while not creating something so complex that members become frustrated. Security is still broken because it isn’t designed around the way that most people work. As an example, complicated, strong passwords typically are not embraced by workers outside of security professionals.
An examination of cybercrime around the world shows that banks, utilities and phone carriers would have to increase their spending on cybersecurity nine and a half times to protect themselves against 95% of cyber intrusions.
“This is not something you can actually spend your way out of,” advised Payton. “You do have to spend money on it, but candidly, it’s a different way of thinking and preparing for this problem than we’ve done in the past.”
Payton reported that spear phishing had been on the decline but is back on the rise, and is associated with most of the large cyberattacks, including those on eBay, Target, Anthem, Sony and several global government organizations. The financial sector suffered the most breaches last year. Malware is also becoming more and more sophisticated, with a new, deviant malware released every 90 seconds. But Payton also highlighted the important role that the financial services industry has played in advancing cybersecurity.
“You have been at this since the days of bank robberies, of check kiting, and fraudsters going into the brick and mortar, then routing people to the ATM. You’ve been there on the frontlines and the only reason we have decent cybersecurity for all industries is because the financial services industry – it hit you first, you took responsibility, you took care of the community, and you shared that knowledge,” said Payton.
While it is important to watch for the fraudsters, credit unions also need to be up on the innovations that are happening, such as with the Internet of Things. With refrigerators poised to siphon data and the future of Amazon deliveries via drones, deploying offensive strategies today is the key to future security.
Payton closed with an example she saw that is a great analogy for cybersecurity. While running in Washington, DC, she noticed a bicycle had been stolen. The thief removed the valuable frame, leaving one wheel locked to the post the bicycle was secured to. Cybersecurity is similar: it means recognizing what can be stolen, what is left, and how to protect the most valuable parts of credit unions.
“I hope a breach never, ever happens to you. But if it does, I want you to be left with the frame, not with the bicycle wheel,” concluded Payton.