Role of an Information Security Leader

Tim Held, CISO, U.S. Bank

Tim Held, CISO, U.S. Bank

The velocity of change in the consumer marketplaceand workforce is astounding and it continues to accelerate. As cybersecurity professionals, it is our responsibilityto anticipate emerging threats through risk-based, intelligence-driven and predictive strategies to protect our employees and our customers.

One of the most significant areas of new technology architecture is the cloud and mobile environment. Today, many of our industries are facing additional competitionfrom other payment services industries and while we need to compete, we also need to do it right, especially when it comes to security and online protection. For example, we need to make sure all the data we manage is secured correctly as we transition to newer cloud technologies in the face of new, constantly evolving threats.

"We as information security leaders need to challenge ourselves to secure our companies manage the risk and enable our employees to help us shut down threats"

Many organizations are shifting data storage from what are known as traditional data centers to the cloud environment. And the move is extending into our homes and personal lives with the Internet of Things (IoT). We now have smart thermostats, smart appliances and personal digital assistants. It is really fascinating, but if you are tasked with protection, new connected technologies can be challenging to manage. New technology is cheaper and faster and has created a new way for the threat actors to target people at work and at home.

We are also facing more and more artificial intelligence and the governance of it. We are constantly reviewing and asking ourselves if the tools and services are collecting the right data, if we have the right controls in place, and most important, how we can control any accidental data leakage. It’s an area that demands constant vigilance.

Lastly, nation-state attacks have been a significant issue for the cybersecurity industry for many years and that continues. With these potential threats, we stress the necessity of having good IT hygiene for both our employees and our customers. The basics are essential - making sure employees and customers secure and patch. With multiple browsers in use, we must ensure good basic hygiene is exercised.

On the innovation front, it’s hard to understate the significance of blockchain. It’s a game-changer in financial services technology. It has the potential to enable us to securely share the exact same information in the exact same way with multiple companies that bank with us – all over one interconnected system. It also has the potential to lower risk, increase security and reduce the time to originate, fund and close loans. We are monitoring the advancement of blockchain closely.

Overall, there is a traditional way of doing things and that needs to evolve and change.We as information security leaders need to challenge ourselves to secure our companies manage the risk and enable our employees to help us shut down threats. We need to move faster and adjust our operating models. We need to become better educators, teachers and advisors to our employees and customers.

The future will present higher stakes for those of us responsible for protecting data. Cybersecurity is very much a team sport. We need to continue to share threats across industries to better protect all of us. The next level of online threats will include data destruction, where potentially companies could be wiped out overnight, especially smaller companies. Banks don’t compete on safety and soundness in our business. We are open about sharing information about threats and attacks because protecting the larger ecosystem is critical. Our economy and society depend on it.

It’s our responsibility to get this right.