Bank Director | Security Risks Archives

Dave McOmie starts every job staring down a locked door.

McOmie has been a safecracker for more than 50 years, having gotten his start watching a local locksmith help out a neighbor. He became the locksmith’s apprentice and quickly discovered the work of safecracking: breaking into vaults and safes for customers that had become inadvertently locked out of them.

That took him into the world of banking. Vaults have been a mainstay feature of bank branches, but anyone who has worked in a branch will know there are other physical safety mechanisms that occasionally lock up: lockers, cash safes, undercounter units and ATMs. He’s worked on all of them and knows the stakes: Whatever is behind that locked door is important, and someone wants it.

“When the bank or credit union cannot get into their vault, that situation tends to escalate quickly,” he says. There’s usually some urgency to the situation: Someone needs a wedding ring, a passport or a will, and there’s a tight timeline. McOmie is under pressure to open the vault. “[I]t’s stressful when you have an entire family sitting in the lobby, waiting to retrieve their passport so they can go to the airport. … You don’t want to be the reason they didn’t make their flight.”

In facing these locked and secured doors, McOmie says it’s key to prepare and research in advance. A mistake can trigger other safety mechanisms in a vault, quickly shutting down his entire progress. He carefully documents his progress and the products he works on to make the next job easier.

“It’s all about the challenge and the conquest. You’ve got a locked door in front of you. What’s the problem? How can you overcome it? And can you do it efficiently? And quickly?” he says.

McOmie joins Bank Director to discuss how he became a safecracker, how he approaches a locked door problem and what trends in bank branching mean for vaults, physical security and the future of safe cracking. Listeners interested in learning more about his experience can read his memoir “Safecracker: A Chronicle of the Coolest Job in the World,” which includes his experience opening the musician Prince’s vault at Paisley Park.

This episode, and all past episodes of The Slant Podcast, are available on Bank Director.com, Spotify and Apple Music.

With increasing business demands and evolving regulatory frameworks, information security is a top priority for financial services industry (FSI) organizations. This year’s security survey study conducted by Deloitte finds that many FSI organizations have become more proactive in implementing innovative security measures and creating greater awareness of information security within their businesses. However, most organizations in the survey are challenged with balancing the cost of information security initiatives with the perceived risks of sophisticated threats and emerging technologies.

The following summary highlights the responses from over 250 financial services organizations from 39 countries:

Stronger Together: Silos and Barriers Retreat

Almost two-thirds of respondents believed that their information security function and business are engaged.
Over 50 percent of respondents indicated that they have a strong working relationship with operational risk management. Close to half of respondents indicated that they have strong relationships and coordinated activities with enterprise risk management.
Information security governance; identity and access management; and information security strategy and roadmap are cited to be the top security initiatives for this year.

Adapting to New Technologies: Security Innovation

As the use of social media increases, 37 percent of respondents are revising organizational policies; and 33 percent are educating users on social networking to address the security risks.
Many surveyed organizations have explored cloud computing options. However, 40 percent of the respondents indicated they still do not use cloud computing. The reasons cited include technology prematurity, security risks, and adoption capabilities of the organization.
As a part of their mobility program, many organizations have already deployed, or plan to deploy, mobile VPN, central device management, and mobile device management software. However, more than 50 percent of respondents have not yet planned for deployment of anti-phishing software, employee and customer-facing applications, and data loss prevention for mobile devices.

Policing Cyber Threats: Safeguarding Data Assets

Three out of four respondents have dedicated privacy resources; organizations are increasingly focusing on protecting their sensitive information and formalizing the privacy function.
Forty-nine percent of surveyed organizations claim to actively manage vulnerabilities, 82 percent of which are also actively researching new threats to proactively protect their environment from emerging threats.
Most surveyed organizations use the Security Operation Center (SOC) to monitor traffic and data and actively respond to incidents and breaches.
More than half of the respondents indicated that their organizations manage the SOC internally to get a better understanding of information security issues and gain more control over their operations.
Consistent with prior years, respondents cited a lack of sufficient budget (44 percent) and the increasing sophistication of threats (28 percent) as the primary barriers to implementing an effective information security program.

Sector Highlights: Banking

As banks adapt to increased financial regulatory pressure and adopt new technologies to stay competitive, they are challenged with managing myriad vulnerabilities and business expectations.

The following highlights the responses from 158 banking organizations, making up 62 percent of respondents:

Maturity Paradox: How To Keep The Information Security (IS) Program Effective

With increasing regulatory pressure, banking respondents continue to enhance their security programs. Close to 80 percent of respondents believe that their information security programs have reached a Level 3 (set of defined and document standard processes with degree of improvement over time) maturity or higher.
Even as security practices mature and advance, nearly 25 percent of the banking respondents indicated they experienced security breaches in the past 12 months.
Excessive access rights, security policies and standards that have not been operationalized, and lack of sufficient segregation of duties are cited as the top three external audit findings by banking respondents.

Balancing Act: Security and Cost Containment

Even though more than 70 percent of banking respondents dedicate at least 1 to 3 percent of their IT budget to information security, lack of sufficient budget and/or resources is cited as the top barrier for an effective information security program.
Nearly half of banking respondents have already implemented or purchased cloud computing services. Of those who have not implemented cloud computing services, close to 90 percent of the respondents believe the benefits outweigh the security risks.
Vulnerability scanning and penetration testing (72 percent) is the top information security function that is outsourced to a third-party. This is followed by threat management and monitoring services, at 24 percent.

Security Innovation: New Technologies and Their Risks Have Arrived

Nearly 75 percent of the banking respondents are making use of social media; 20 percent of the banking respondents have deployed technical controls to block or limit organizational usage.
When it comes to adoption of mobile devices, banking respondents indicated that the top three security controls are enhancing the consumer acceptable use policy, integrating consumer device security into awareness campaigns and enforcing complex passwords.

To view more results, please download the full study.