The top finisher on the Forbes list of America’s most cybersecure banks is Flushing Bank, a regional institution serving New York City whose chief information security officer (CISO) is Richard “Rick” White, adjunct professor in the School of Cybersecurity and Information Technology at University of Maryland Global Campus (UMGC).
The Forbes list ranks the top 50 U.S.-based banks for their best-in-class website security and cybersecurity infrastructure. We caught up with White to learn why the CISO is increasingly one of the most important positions in at today’s financial institutions.
What does a bank CISO do—and how has the job evolved?
The role of the CISO in banking has transformed significantly over the past five years. Traditionally seen as guardians of cybersecurity protocols, CISOs now play a pivotal role in shaping strategic decisions and aligning security strategies with business objectives. This evolution stems from the realization that cybersecurity is not just a technical concern but a fundamental aspect of business risk management. CISOs are now expected to engage at the highest levels of the organization, providing insights to the board on emerging threats, regulatory compliance and the integration of security into digital transformation initiatives. In essence, the CISO has evolved from a technical expert to a strategic leader of cybersecurity.
What goes into making a financial institution cybersafe?
Securing a financial institution requires a comprehensive approach that encompasses people, processes and technology. Financial institutions must cultivate a culture of security awareness among employees, enforce access controls, conduct regular risk assessments and establish a proactive incident response plan. Collaboration with industry peers, sharing threat intelligence and staying prepared for emerging cyber threats are also crucial. Employee awareness and training help keep pace with continuously evolving defenses to stay ahead of sophisticated cyber adversaries.
Do you tend to react to attacks after they happen or do you take a more proactive approach?
My approach leans toward proactive measures rather than reactive responses to cyberattacks. By facilitating a proactive stance, we prioritize vulnerability assessments, penetration testing and continuous monitoring to identify to mitigate potential security weaknesses. Additionally, investing in advanced security technologies enables us to stay ahead of evolving threats and minimize the likelihood of successful cyberattacks.
And the obstacles in executing that strategy?
The greatest challenges faced by me and other CISOs in the banking sector include keeping pace with the rapidly evolving threat landscape, operating with limited resources and ensuring that all employees adhere to a set incident response plan. All these issues are a constant concern. The greatest of these is ensuring that employees are prepared to respond as planned. Even well-trained employees can panic and make mistakes. However, in times of emergency, staying calm and acting as planned is the most beneficial route to preventing and/or mitigating the damage that may be caused by an attack.
What keeps you up at night?
As a CISO, my biggest concern is the possibility of a significant data breach or cyberattack that could compromise the integrity of critical financial systems and customer data. Despite our best efforts to implement robust security measures, the reality is that no organization is immune to cyber threats. The potential financial losses, reputational damage and regulatory repercussions associated with a cyber incident weigh heavily on my mind. Even above this is the risk of losing customer trust. Keeping customer data as well as sensitive information safe is always a priority, and the problems that could arise should an attack succeed are always a real concern.
What advice would you give someone who wants a career as a CISO at a financial institution?
Begin by earning a relevant degree in computer science or information technology. This educational foundation will provide you with a solid understanding of the field. Next, gain practical experience by working in various information security roles, such as security analyst or network administrator. Accumulating several years of experience in areas like vulnerability management, incident response and risk assessment is crucial.
Obtain industry certifications like Certified Chief Information Security Officer (CCISO), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM) or Certified Information Systems Auditor (CISA) to showcase your knowledge and commitment to information security. Strong leadership and management skills are also important, as CISOs must communicate effectively, lead teams and make strategic decisions. Consider participating in management training programs and taking on leadership roles to enhance these abilities.
Share This