Top 10 Influencers in Financial InfoSec

Our Inaugural List of Financial Services Security Leaders
Top 10 Influencers in Financial InfoSec

To acknowledge individuals and organizations that are playing critical roles in shaping the way financial services organizations approach information security and privacy, BankInfoSecurity announces its inaugural list of Influencers.

See Also: The Truth About Mobile Security Risks In Business and What To Do About It

side

Introduction


BankInfoSecurity presents its inaugural ranking of 10 individuals and organizations that we see shaping the way financial institutions approach information security in 2013.

What makes an Influencer? Each of these individuals and organizations is having a major impact on the industry. Their influence ranges from shaping or reshaping regulations to providing needed benchmarks for response to emerging threats.

How did we choose the Influencers? Our team of editors made the selections based on interviews and our news coverage throughout 2012.

10. Doug Johnson

Vice President and Senior Adviser of Risk Management Policy, American Bankers Association


A recognized financial leader, Johnson has played an active role in helping institutions spearhead customer education campaigns aimed at thwarting ACH and wire fraud losses. He continues to communicate with banks and legislators about emerging cyberthreats and trends. His efforts have helped ensure that banks and regulators work together to address consumer privacy concerns.

9. Keith Gordon

Head of Authentication and Security Strategies, Bank of America


BofA is a pioneer in security for mobile banking. The bank has almost 12 million mobile-banking users, and Gordon has been at the helm, addressing security risks from every angle. Under his leadership, BofA developed a collaborative information-sharing program with international vendors from various sectors and financial institutions. The goal: To create a fluid road map that anticipates mobile risks before they strike.

8. Security Vendors

Detecting Trojans, Malware and New Attacks


In 2012, certain security vendors stood out for researching new threats and giving advance warning to banking institutions of the latest fraud trends. We recognize these influencers: RSA for the discovery of Gozi Prinimalka; Guardian Analytics and McAfee for their research into High Roller attacks; Check Point and Versafe for their joint announcement of Eurograbber; Kaspersky Lab for its discovery of the cyberespionage toolkit Gauss; and Akamai Technologies for sharing its insights about the recent distributed-denial-of-service attacks on U.S. banks.

7. Bob Russo

General Manager, Payment Card Industry Security Standards Council


In the months that followed the Global Payments breach, which exposed an estimated 1.5 million credit and debit cards, the PCI Council spearheaded a new training program for point-of-sale installers and integrators. The program directly addresses security gaps that have led to numerous breaches, including those at smaller merchants, over the last two years. Russo has tirelessly promoted this new program, encouraging processors and vendors to help merchants achieve and maintain PCI compliance.

6. Bill Demchak

President, PNC Bank


Under Demchak's leadership, PNC raised the bar for communications after a cyberattack. One of the initial targets of DDoS attacks, PNC was the first to communicate transparently with customers about its online outages. While some institutions barely acknowledged their incidents, Demchak and PNC explained to customers exactly what happened, clarified that no accounts had been breached and offered alternate banking channels. No banking leader responded better to anticipate and address customer concerns.

5. Bill Nelson

President and CEO, Financial Services Information Sharing and Analysis Center


In September 2012, the FS-ISAC for the first time raised the cyberthreat level from "elevated" to "high" for U.S. banking institutions in response to increasing risks posed by DDoS attacks, malware and socially engineered schemes. As the head of the FS-ISAC, Nelson works to help institutions stay ahead of those threats and is an advocate for institutions victimized by incidents of ACH and wire fraud. He strives to find balance between banks' security obligations and customers' responsibilities.

4. Mark Patterson

Co-Owner, PATCO Construction


Patterson became a spokesman for businesses victimized by ACH and wire fraud after PATCO, his construction company, in 2009 suffered a $500,000 loss. Unable to resolve the fraud dispute with his bank, Patterson sued. The case got national attention as it wound through district and appellate courts. In late 2012, the case was settled, and Patterson recovered his initial losses. He continues to fight fraud by sharing openly the lessons he learned through three years of litigation.

3. Benjamin Lawsky

Superintendent, New York Department of Financial Services


This state department superintendent made headlines in August, bringing charges against Standard Chartered Bank for bookkeeping missteps linked to Bank Secrecy Act violations. It was a bold move for a state agency to take such action ahead of any charges from federal regulators. SCB agreed to pay $340 million in state penalties. And although some called him a "rogue regulator," Lawsky stands out for his swift, strong action and the message it sent.

2. Jeff Kopchik

Senior Policy Analyst, Federal Deposit Insurance Corp. (FDIC)


In 2011, responding to evolving online banking fraud, the U.S. interagency regulatory body, the Federal Financial Institutions Examination Council, released a supplement to its 2005 authentication guidance. Kopchik was a primary author of this guidance, which outlines risk assessments, layered security controls and customer awareness. In 2012, the guidance was a blueprint for banks' anti-fraud investments. Kopchik, as a chief architect of the guidance and supplement, earns kudos for his ongoing efforts to improve banking security.

1. Izz ad-Din al-Qassam Cyber Fighters

Hacktivists Behind DDoS Attacks


This hacktivist group, claiming credit for DDoS attacks against U.S. banks, stunned the industry with its brazenness and success. Repeatedly, the group gave advance warnings, launched DDoS attacks against institutions such as Citi, Bank of America and Wells Fargo - and then granted interviews about the incidents. The group's attacks were politically motivated, sophisticated and successful. They gave notice - not just to banks, but to all organizations - that hacktivist attacks are a genuine threat that must be faced in 2013.

1 of

Many financial services information security Influencers emerged in 2012, and not all for positive reasons. Cyberthreats and attacks reflected new levels of sophistication, and it's likely the industry can expect to see more of the same in 2013.

But the financial-services industry took effective steps to respond, proving that national and international collaboration and information-sharing efforts are paying off.

BankInfoSecurity has prepared its inaugural Influencers list to acknowledge the roles key individuals and organizations are playing.

Each of these Influencers is having a substantial impact on the industry. Their influence ranges from shaping or reshaping financial data security and privacy regulations to providing the industry with needed benchmarks for adequate response to emerging threats.

Our selections include some well-known figures and groups along with some less well known. They all made waves in 2012, even if from behind the scenes.

Our editors chose these individuals and groups for their influence over the industry during the last year, as well as for the impact we expect them to have in 2013 and beyond.


About the Author

Tracy Kitten

Tracy Kitten

Director of Global Events Content and Executive Editor, BankInfoSecurity & CUInfoSecurity

A veteran journalist with more than 20 years' experience, Kitten has covered the financial sector for the last 13 years. Before joining Information Security Media Group in 2010, where she now serves as director of global events content and executive editor of BankInfoSecurity and CUInfoSecurity, she covered the financial self-service industry as the senior editor of ATMmarketplace, part of Networld Media. Kitten has been a regular speaker at domestic and international conferences, and was the keynote at ATMIA's U.S. and Canadian conferences in 2009. She has been quoted by CNN.com, ABC News, Bankrate.com and MSN Money.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.