Top 10 Influencers in Financial InfoSec
Our Inaugural List of Financial Services Security Leaders
Tracy Kitten (FraudBlogger)
January 2, 2013
To acknowledge individuals and organizations that are playing critical roles in shaping the way financial services organizations approach information security and privacy, BankInfoSecurity announces its inaugural list of Influencers.
Introduction
BankInfoSecurity presents its inaugural ranking of 10 individuals and organizations that we see shaping the way financial institutions approach information security in 2013.
What makes an Influencer? Each of these individuals and organizations is having a major impact on the industry. Their influence ranges from shaping or reshaping regulations to providing needed benchmarks for response to emerging threats.
How did we choose the Influencers? Our team of editors made the selections based on interviews and our news coverage throughout 2012.
10. Doug Johnson
Vice President and Senior Adviser of Risk Management Policy, American Bankers Association
A recognized financial leader, Johnson has played an active role in helping institutions spearhead customer education campaigns aimed at thwarting ACH and wire fraud losses. He continues to communicate with banks and legislators about emerging cyberthreats and trends. His efforts have helped ensure that banks and regulators work together to address consumer privacy concerns.
9. Keith Gordon
Head of Authentication and Security Strategies, Bank of America
BofA is a pioneer in security for mobile banking. The bank has almost 12 million mobile-banking users, and Gordon has been at the helm, addressing security risks from every angle. Under his leadership, BofA developed a collaborative information-sharing program with international vendors from various sectors and financial institutions. The goal: To create a fluid road map that anticipates mobile risks before they strike.
8. Security Vendors
Detecting Trojans, Malware and New Attacks
In 2012, certain security vendors stood out for researching new threats and giving advance warning to banking institutions of the latest fraud trends. We recognize these influencers: RSA for the discovery of Gozi Prinimalka; Guardian Analytics and McAfee for their research into High Roller attacks; Check Point and Versafe for their joint announcement of Eurograbber; Kaspersky Lab for its discovery of the cyberespionage toolkit Gauss; and Akamai Technologies for sharing its insights about the recent distributed-denial-of-service attacks on U.S. banks.
7. Bob Russo
General Manager, Payment Card Industry Security Standards Council
In the months that followed the Global Payments breach, which exposed an estimated 1.5 million credit and debit cards, the PCI Council spearheaded a new training program for point-of-sale installers and integrators. The program directly addresses security gaps that have led to numerous breaches, including those at smaller merchants, over the last two years. Russo has tirelessly promoted this new program, encouraging processors and vendors to help merchants achieve and maintain PCI compliance.
6. Bill Demchak
President, PNC Bank
Under Demchak's leadership, PNC raised the bar for communications after a cyberattack. One of the initial targets of DDoS attacks, PNC was the first to communicate transparently with customers about its online outages. While some institutions barely acknowledged their incidents, Demchak and PNC explained to customers exactly what happened, clarified that no accounts had been breached and offered alternate banking channels. No banking leader did better at anticipating and addressing customer concerns.
5. Bill Nelson
President and CEO, Financial Services Information Sharing and Analysis Center
In September 2012, the FS-ISAC for the first time raised the cyberthreat level from "elevated" to "high" for U.S. banking institutions in response to increasing risks posed by DDoS attacks, malware and socially engineered schemes. As the head of the FS-ISAC, Nelson works to help institutions stay ahead of those threats and is an advocate for institutions victimized by incidents of ACH and wire fraud. He strives to find balance between banks' security obligations and customers' responsibilities.
4. Mark Patterson
Co-Owner, PATCO Construction
Patterson became a spokesman for businesses victimized by ACH and wire fraud after PATCO, his construction company, suffered a $500,000 loss in 2009. Unable to resolve the fraud dispute with his bank, Patterson sued. The case got national attention as it wound through district and appellate courts. In late 2012, the case was settled, and Patterson recovered his initial losses. He continues to fight fraud by sharing openly the lessons he learned through three years of litigation.
3. Benjamin Lawsky
Superintendent, New York Department of Financial Services
This state department superintendent made headlines in August, bringing charges against Standard Chartered Bank for bookkeeping missteps linked to Bank Secrecy Act violations. It was a bold move for a state agency to take such action ahead of any charges from federal regulators. SCB agreed to pay $340 million in state penalties. And although some called him a "rogue regulator," Lawsky stands out for his swift, strong action and the message it sent.
2. Jeff Kopchik
Senior Policy Analyst, Federal Deposit Insurance Corp. (FDIC)
In 2011, responding to evolving online banking fraud, the U.S. interagency regulatory body, the Federal Financial Institutions Examination Council, released a supplement to its 2005 authentication guidance. Kopchik was a primary author of this guidance, which outlines risk assessments, layered security controls and customer awareness. In 2012, the guidance was a blueprint for banks' anti-fraud investments. Kopchik, as a chief architect of the guidance and supplement, earns kudos for his ongoing efforts to improve banking security.
1. Izz ad-Din al-Qassam Cyber Fighters
Hacktivists Behind DDoS Attacks
This hacktivist group, claiming credit for DDoS attacks against U.S. banks, stunned the industry with its brazenness and success. Repeatedly, the group gave advance warnings, launched DDoS attacks against institutions such as Citi, Bank of America and Wells Fargo - and then granted interviews about the incidents. The group's attacks were politically motivated, sophisticated and successful. They gave notice - not just to banks, but to all organizations - that hacktivist attacks are a genuine threat that must be faced in 2013.
Many financial services information security Influencers emerged in 2012, and not all for positive reasons. Cyberthreats and attacks reflected new levels of sophistication, and it's likely the industry can expect to see more of the same in 2013.
But the financial-services industry took effective steps to respond, proving that national and international collaboration and information-sharing efforts are paying off.
BankInfoSecurity has prepared its inaugural Influencers list to acknowledge the roles key individuals and organizations are playing.
Each of these Influencers is having a substantial impact on the industry. Their influence ranges from shaping or reshaping financial data security and privacy regulations to providing the industry with needed benchmarks for adequate response to emerging threats.
Our selections include some well-known figures and groups along with some less well known. They all made waves in 2012, even if from behind the scenes.
Our editors chose these individuals and groups for their influence over the industry during the last year, as well as for the impact we expect them to have in 2013 and beyond.