Rise of the vCSO:
A New Profession Emerges in the Effort to Fight Cybercrime
by Toni Lapp
As cybercrimes become increasingly prevalent, especially in highly regulated industries such as banking and finance, remaining complacent is becoming riskier. No business is immune, with such high-profile organizations as JPMorgan Chase, Wells Fargo, the Bank of America, and even the FDIC and IRS experiencing breaches. “Business leaders watch the news and they know the threats are out there,” said Scott Logan, technical director of security for IT consulting firm NetGain Technologies. “They know they need protection but they just struggle with where to start.” The place to start may be with staffing, according to financial industry regulators. In August, the New York State Department of Financial Services began implementing cybersecurity regulations
26
that are expected to become a model for financial institutions everywhere. Chief among the measures is a call for each organization to designate a qualified individual to oversee its cybersecurity program and enforce cybersecurity policy.
THE RISKS FACING FIs
Community banks and credit unions, particularly those lacking a dedicated cybersecurity professional on the executive team, are vulnerable. More than two-thirds of financial service institutions (FIs) have faced at least one cybersecurity attack in the last year, according to MetricStream’s The State of Cybersecurity in the Financial Services Industry Survey. Furthermore, said Logan, the fastest growing segments being targeted within financial institutions are small banks and credit unions. Hackers are increasingly targeting smaller financial institutions with less robust data security systems and
The Arkansas Banker | October 2017
personnel than larger banks. According to Beazley, a leading provider of data breach response insurance, banks and credit unions with less than $35 million in annual revenue accounted for 81 percent of hacking and malware breaches at financial institutions in 2016, compared with the 54 percent of incidents they represented in 2015. Beyond financial consequences, the reputational damage of a cyber attack for a community financial institution can cause harm beyond repair, particularly for community banks that pride themselves on their strong commitment to their local communities. Once a bank is attacked and it becomes public knowledge, the organization often faces financial losses as the result of customer attrition. It is crucial for financial institutions to establish a solid cybersecurity program. However, unlike large financial
