Finance & Banking , Governance & Risk Management , Industry Specific

How Failing to Address Physical Security Creates Cyber Risk

JPMorgan Chase's Matanda Doss on the Cyber Perks of Virtual Desktop Infrastructure
Matanda Doss, executive director, cybersecurity and technology controls, JPMorgan Chase commercial banking

Cybersecurity programs must go beyond the digital realm and address physical security challenges around buildings and data centers even though there isn't a specific tool to implement.

See Also: The Financial Industry Threat Landscape: Top Threats and Proactive Security Best Practices

Firms often adopt physical security measures such as a secure data center with cameras and locked doors only when it's required by PCI or another regulation, said Matanda Doss, executive director of cybersecurity and technology controls for JPMorgan Chase commercial banking. But someone impersonating a technician could walk past reception and plug a thumb drive into a network-connected device (see: Profiles in Leadership: Matanda Doss).

"When you go to virtual desktops, then you've created a more secure environment," Doss said. "All of the different applications that you're running on your local PC really don't have a way to penetrate a virtual desktop environment. It creates a layer of security that should bring a lot more comfort to organizations that choose to use it."

In this video interview with Information Security Media Group, Doss also discusses:

  • How physical security risks have changed since the onset of COVID-19;
  • How digital transformation initiatives have created security challenges;
  • Key differences between defending against a human adversary and a bot.

Doss has 25 years of technology experience across software development, e-commerce, mobile applications, data security and financial systems. He serves as an information security manager and is responsible for a team of information security professionals, overseeing internal cybersecurity, risk and controls for the commercial bank. Doss is also responsible for helping business leaders and technology teams with their cybersecurity initiatives through JPMorgan Chase's Protect the Client program.

About the Author

Michael Novinson

Michael Novinson

Managing Editor, Business, ISMG

Novinson is responsible for covering the vendor and technology landscape. Prior to joining ISMG, he spent four and a half years covering all the major cybersecurity vendors at CRN, with a focus on their programs and offerings for IT service providers. He was recognized for his breaking news coverage of the August 2019 coordinated ransomware attack against local governments in Texas as well as for his continued reporting around the SolarWinds hack in late 2020 and early 2021.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.