Protecting Customers Through a Cybersecurity Control Tower


cybersecurity.png

Citizens National Bank of Texas, the third-oldest independent financial institution in the state, has remained deeply committed to its local community since its founding in 1868. The bank’s hometown, personalized approach to serving customers in the Dallas-Fort Worth area has played an integral role in its success. It was this focus on the surrounding community that led CNB to provide its customers with an extra layer of security by working with DefenseStorm, a Seattle-based provider of cloud based cybersecurity solutions.

As a full-service community bank with $859 million in assets, CNB aims to offer its customers the same service they would receive at any major, nationwide financial institution. This includes technology-driven services like online banking, mobile banking and bill pay. To offer these digital banking capabilities without exposing its network to new security vulnerabilities, CNB invested in security infrastructure and additional safeguards to protect customers and their financial information from potential cyber attacks. Although it had a solid system of security measures in place, the bank needed help monitoring its overall network activity and sought to increase the visibility of security threats.

This is where DefenseStorm comes in.

Heightened Visibility with a Cybersecurity Control Tower
DefenseStorm acts as security control tower for CNB to detect intrusions, investigate threats, take action to stop attacks and report on cybersecurity to regulators and the bank’s board of directors. Additionally, DefenseStorm’s team of security experts provides the bank with 24/7 monitoring support, triaging alerts and working alongside the bank to ensure the strongest security possible.

By constantly monitoring network activity and working with the bank to improve its security posture and quickly resolve incidents, DefenseStorm has helped CNB discover and neutralize at least 10 cyber threats in the past year.

Previously, the bank’s internal team would have to review and analyze all security event data. Now, the bank receives alerts in real time, which allows for a more efficient response and remediation process. Additionally, the bank uses DefenseStorm’s support ticketing feature to provide a clear, documented way to track events and how they are being handled.

Wade Jones, CNB’s senior vice president and chief information officer, values the extra support DefenseStorm provides. “It’s nice, the guardianship—having a security team sitting behind me watching the front line and letting me know if there’s something we need to work on,” says Jones.

Genuine Threat or False Alert?
CNB also leverages DefenseStorm’s search and reporting features, which enable the bank to transform complex and unstructured security event data from separate systems into meaningful, actionable insight. Oftentimes, systems will produce a constant stream of security alerts, many of which are not genuine threats, but which analysts must still review. With only eight hours in the workday, it can be difficult to assess each alert—and that can desensitize employees toward alerts, potentially resulting in a genuine threat being ignored. CNB has overcome this challenge and enacted a more proactive security response by sharpening its ability to interpret large sets of event data, so the bank is only notified if a threat is genuine. Now, the bank can quickly determine the scope of a threat and escalate the event into the remediation process with a click of a button.

The ability to provide a unified, comprehensive view of the bank’s network and systems is vital. “In our journey with DefenseStorm, we’ve brought everything together, log-wise, for all systems in the bank so we can take a more holistic approach,” says Mark Singleton, chief executive officer at CNB.

Enhancing Security without Expanding Staff
Furthermore, DefenseStorm brings a level of cybersecurity expertise that would be difficult for CNB to recruit in its own market. Given the shortage of cybersecurity talent across industries, hiring qualified candidates is challenging, especially for a small community bank, as professionals with advanced security credentials are typically hired by larger corporations. To make it worse, cyber criminals realize this, often assuming that a smaller bank has less sophisticated technology and fewer defenses. However, with DefenseStorm, CNB is able to provide an enhanced level of security, comparable to larger financial institutions, without hiring an extra security expert.

For community banks, business is personal. CNB realizes this and has invested in the infrastructure needed to safeguard its customers’ financial assets.

“Unlike big banks that never see their customers outside of work, we run into ours all the time—at church or at the grocery store,” says Singleton. “If we mess up, it’s our communities, our friends and our grandmothers who are ultimately affected. It’s our job to protect them and DefenseStorm helps us do that.”

Banking on the Cloud: Why Banks Should Embrace Cloud Technology


cloud-technology.png

Cloud adoption has reached critical mass, with roughly 90 percent of businesses employing its technology in some facet of their organization. The cloud presents opportunities for enhanced efficiencies and flexibility—without any security trade-offs—so it’s no surprise that we’re seeing more organizations shift to the software as a service (SaaS) model. But while we’ve seen the healthcare, legal and insurance industries evolve, banks have been more reluctant to adopt new technologies built outside of their own walls.

Why Banks Lag at Cloud Adoption
The banking industry is not known for being nimble. As one of the oldest, largest and most vital industries in the U.S. economy, banking has, in some ways, fallen victim to inertia—relying on traditional technologies and internal networks to disseminate its services. This is in large part due to the widely-held belief that on-premise solutions are inherently more secure than the cloud because data lives in proprietary servers and systems, rather than a service provider’s environment. However, research shows that cyber attacks affect both environments, with on-premise users experiencing over twice as many web application attacks as service provider customers, on average.

Still, for many banks, the perceived risks of the cloud outweigh its forecasted benefits. In fact, 73 percent identified security concerns as the main reason for avoiding it, while 63 percent listed privacy issues as their top worry. That perception is beginning to change, as the cloud’s business advantages have become too significant to ignore. A recent study found big banks are expected to grow from as little as zero percent public cloud adoption to 30 percent by 2019—a dizzying adoption rate for an industry that still relies on legacy systems from the 1960s.

For those still wary of making the switch, here are three of the biggest benefits of moving to the cloud:

Security
Cloud technologies boost your security in ways that on-premise systems are unable to. Traditionally, to use a new offering, you install an on-premise server in your datacenter. Then you must configure network, firewall and secure access to the server. This stretches resources by increasing training requirements, which ultimately detracts from the goal of the offering. Due to economies of scale, cloud companies can own the server, the networks and the processes making the entire offering more complete and secure.

With strict protocols and security certifications like SOC2 and ISO27001 built into many services, banks can ensure that the cloud is accessed and enabled securely for any solution provider they work with.

Understanding the value of security and the benefits that cloud technology brings to banks, a handful of institutions are leading the shift and others are expected to follow. Capital One Financial Corp., an early adopter of Amazon Web Services (AWS), has steadily built its infrastructure in the cloud over the past two years. The company continues to work closely with AWS on specific security and data protocols, allowing the company to operate more securely in the public cloud than it could have in its own data centers, according to Capital One CIO Rob Alexander.

Efficiency and Scalability
The cloud enables teams to be more agile than ever. The SaaS model gives teams the ability to be flexible and enable new interations on-demand. This access to real-time commentary empowers teams to ship updates more quickly and frequently and to push the envelope so they’re constantly improving products to align with what customers are looking for.

By leveraging the cloud to store complex data, organizations can meet ever-evolving regulatory compliance and governance rules mandating data protection. A recent example would be financial institutions working to comply with the EU’s General Data Protection Regulation. The ability to meet regulations can be sped up by a number of the cloud’s features, including built-in auditability for more clarity around your compliance status, and virtual infrastructure that reduces room for error.

On top of addressing infrastructure models, the cloud allows businesses to be elastic. For instance, being able to address the mass amount of credit card purchases on Cyber Monday and expand for that specific demand, rather than having to buy new servers to address the one day-per-year demand.

Overhead Cost Savings
Switching from on-premise to cloud can mean significant savings on overhead costs.

When you work with a SaaS provider, you no longer need to invest in proprietary infrastructure. Instead, you’re able to access and maintain your data through your partner’s established environment. This cuts down on both the up-front capital costs associated with hardware and the continuous costs that eat up budget to keep hardware and software optimized and refreshed.

Rather than pay a flat fee to keep systems up and running, cloud providers offer a variety of metered, pay-per-use options. These include Salesforce and Microsoft Office 365’s pay-per-seat, AWS’ infrastructure as a service (IAAS) pay-per-hour model, and Oracle’s high integration fees.

By outsourcing services to the data center, you can also realize savings on staffing. On-premise technologies can require a team varying in size from one to dozens, depending on the bank’s size. Because your cloud provider takes on the computing, your internal team no longer has to worry about hardware refreshes or server and software updates, freeing up their time to focus on what matters most: your business. Cost savings can also be reinvested into the business to increase headcount, boost wages and drive product innovation.

Cloud technology has already been embraced by businesses in numerous industries, but banks have been slower to acknowledge its benefits. Now, as cloud’s positive impact on security, efficiency and cost come to the forefront, it’s becoming harder for banks to ignore the advantages. Already, we’re seeing early adopters reap the benefits, from a financial standpoint and innovation perspective, and in the coming years, we can expect to see banking in the cloud transition from a “nice-to-have” to a business-critical approach to moving up in the market.