A Chat With Roman Medina
The cybersecurity industry, particularly in the banking sector, is an ever-evolving domain, constantly challenged by new threats and technologies.
In an exclusive interview, Augustin Kurian, Editor-in-Chief The Cyber Express, engaged with Roman Medina, the Senior Vice President and Chief Information Security Officer (CISO) at Jefferson Bank, to delve into these challenges and the strategies employed to combat them.
Medina’s tenure at Jefferson Bank, starting in 2014, coincides with a period of significant technological evolution and increasing cyber threats, positioning him perfectly to provide insights into the changes and adaptations in bank security strategies over the years.
Looking ahead to 2024
Roman Medina anticipates a continued focus on specific cybersecurity threats, notably social engineering and impersonation attacks. These methods, which exploit human psychology rather than technological vulnerabilities, have proven to be highly effective for cybercriminals.
Medina’s insights suggest a trend where fraudsters, recognizing the heightened security measures at financial institutions, are increasingly targeting bank customers directly.
The modus operandi involves sophisticated tactics like fake SMS messages and deceptive phone calls, designed to trick customers into divulging sensitive information or clicking on malicious links.
These attacks are particularly challenging to combat as they bypass traditional security measures like firewalls and antivirus software by targeting the end-user directly.
Medina emphasizes that the battle against such threats is not solely technological; it also requires a strong focus on customer education and awareness.
Customers need to be informed about the types of attacks they might encounter, how to recognize them, and the appropriate actions to take in response. This approach is crucial in creating a first line of defense against social engineering tactics.
The rise of these threats also signals a shift in the threat landscape for the banking sector. As banks fortify their digital defenses, cybercriminals adapt by finding new vulnerabilities, often in the form of human error or oversight. This cat-and-mouse game between security professionals and fraudsters is likely to intensify, with both sides continuously evolving their tactics.
Strategies Against Fraud and Attacks
In the battle against fraud and cyber-attacks, Roman Medina highlights the importance of a multifaceted strategy that goes beyond conventional security measures. Central to this approach is customer education and awareness.
As fraudsters target bank customers directly, understanding and recognizing potential threats become crucial in preempting fraud. Medina emphasizes the role of educating customers about typical fraudulent activities, such as deceptive SMS and phone calls, and instructing them on how to respond to such situations. This proactive approach in customer education forms a critical component of the bank’s defensive strategy.
Medina also discusses the need to adapt and enhance technological defenses, especially against sophisticated attacks like those targeting multi-factor authentication systems.
Jefferson Bank is exploring additional methods to strengthen its defenses against such threats, reflecting an understanding that technology and tactics used by cybercriminals are constantly evolving.
Another significant concern highlighted by Medina is the persistent threat of ransomware. Financial institutions continue to be prime targets for ransomware attacks, necessitating robust backup systems and incident response plans.
However, Medina notes a shift in ransomware tactics, with cybercriminals now often resorting to extortion. This change means that simply having good backups is no longer sufficient; banks also need to be prepared for scenarios where sensitive information is threatened to be leaked unless a ransom is paid.
Medina’s insights into combating fraud and attacks demonstrate the need for a dynamic and evolving cybersecurity strategy in the banking sector. It involves not only keeping up with technological advancements but also ensuring that customers are well-informed and prepared to play their part in preventing fraud.
Threat Intelligence and Risk Mitigation
Roman Medina underlines the significance of threat intelligence in the cybersecurity framework of Jefferson Bank. The bank’s approach to threat intelligence began about four years ago and has been evolving ever since. A key focus of their strategy is proactivity – being ahead of potential threats rather than merely reacting to them.
This involves monitoring for brand impersonation or spoofing websites and taking swift action to mitigate these threats, such as taking down malicious sites and informing both customers and employees of potential risks.
Another critical aspect of their threat intelligence strategy is the monitoring of the dark web for indications that the bank’s data or that of its customers might be compromised. For instance, if an email associated with the bank is found on the dark web, proactive steps are taken to ensure that the potentially compromised credentials are not used within the bank’s network. This approach also extends to educating employees about good password security practices.
Approach to Legacy Systems and BYOD Policies
Roman Medina addresses two critical aspects of cybersecurity in the banking sector: managing legacy systems and policies regarding Bring Your Own Device (BYOD). He acknowledges the challenges posed by legacy systems, which often become vulnerable over time.
Medina emphasizes the importance of having a clear plan for dealing with these systems, whether through upgrades or transitions to newer, more secure platforms. In cases where legacy systems are unavoidable, Jefferson Bank implements stringent security measures, such as increased monitoring and restricted access, to mitigate potential risks.
An interesting approach adopted by the bank involves turning off legacy systems that are not in regular use and only powering them on when necessary. This strategy significantly reduces the exposure of these systems to potential cyber threats. Medina’s handling of legacy systems demonstrates a pragmatic approach, balancing the need to maintain certain outdated systems with the imperative of ensuring robust security.
Selecting Cybersecurity Tools
In discussing the selection of cybersecurity tools, Roman Medina sheds light on the intricate process behind choosing the right solutions for Jefferson Bank. He explains that there isn’t a one-size-fits-all checklist for selecting these tools; instead, the process is highly tailored to the bank’s specific needs and objectives.
A significant criterion in their selection process is compatibility with existing security architecture. Medina emphasizes the importance of integrating new tools seamlessly into the bank’s existing security ecosystem. This includes compatibility with their single sign-on and multi-factor authentication systems, especially since many of the bank’s solutions are cloud-based.
Another key factor is the cloud hosting provider’s security posture, assessed through their business continuity plans, disaster recovery capabilities, and independent security audits. Medina particularly values the Service Organizational Control (SOC) reports, which provide detailed insights into the provider’s security controls and practices.
Additionally, Medina stresses the importance of actionable alerts in cybersecurity tools. The bank looks for solutions that not only detect threats but also provide clear, actionable intelligence to respond effectively. This approach reflects a proactive stance in cybersecurity, focusing on tools that not only alert but also guide the response team in mitigating threats.
The Rise of AI in Cybersecurity
The integration of Artificial Intelligence (AI) in cybersecurity is a topic of particular interest to Roman Medina. He acknowledges the growing presence of AI in various cybersecurity applications and the potential benefits it can offer. Medina points out two key areas where AI is making its mark in the banking sector: enhancing employee productivity and being embedded within cybersecurity solutions.
Medina mentions AI tools like ChatGPT, which are being used by bank employees to assist in various aspects of their work. This utilization of AI reflects a broader trend in the industry where AI is increasingly seen as a tool to augment human capabilities, improving efficiency and accuracy. However, Medina also highlights the need for a cautious approach, ensuring that these AI tools are used responsibly and align with the bank’s security policies.
On the cybersecurity front, Medina notes that many security solutions are beginning to incorporate AI modules or frameworks. This trend is changing how cybersecurity is approached, with AI offering more sophisticated and automated threat detection and response capabilities.
However, he emphasizes the importance of understanding how these AI models work, especially in terms of learning and data privacy. Medina’s approach to AI in cybersecurity is both open-minded and cautious, recognizing the potential of AI while being acutely aware of the need to maintain control and oversight over these powerful tools.
In conclusion, this interview with Roman Medina offers valuable lessons and guidance for cybersecurity professionals and stakeholders in the banking industry. It underscores the critical need for resilience, adaptability, and proactive strategies in safeguarding the financial sector against the ever-evolving landscape of cyber threats.
