Data analytics and threat intelligence are two vital tools for security professionals, says Citizens Bank Chief Security Officer Holly Ridgeway.

Q&A: Citizens Bank Security Chief Holly Ridgeway on Keeping Hacking at Bay

In a world where illicit tools make amateur hackers a real threat, businesses need well-trained staff, good data and threat intelligence to defend their networks.

While hackers continue to get smarter and the threat landscape more challenging, a new wrinkle has emerged: the growing availability of tools that can make even low-skilled amateurs a serious threat to networks.

In a recent conversation with BizTech, Holly Ridgeway, chief security officer for Providence, R.I.-based Citizens Bank, explains how small businesses can respond to these and other modern threats.

BIZTECH: What do you see as the greatest cybersecurity threats right now for businesses? The things that really keep you up at night?

RIDGEWAY: Over the past several years, we have seen lesser-skilled threat actors increasingly able to leverage more advanced tools and attack methodologies.

These capabilities, such as Malware as a Service and advanced push-button exploitation tools, have increased the threat volume. Also, organizations’ attack surfaces continue to expand with mobile and cloud-based solutions, creating additional risk. We’ve also seen rapid propagation of destructive malware. NotPetya and WannaCry are great examples of how crippling self-propagating malware can be.


BIZTECH: When it comes to the threat landscape, what’s changed in the last four to five years that’s notable?

RIDGEWAY: Hacktivist threats have diminished, with threat actors concentrating on attacks with potential for financial gain and intellectual property theft. Threat actors continue to evolve and devise new ways to monetize cyberattacks, whether it’s via cryptomining, ransomware, point-of-sale malware, or attacks against payment networks and ATM infrastructure. We’ve also seen an increase in “as a service” platforms sold on the dark web in a multitude of flavors, including phishing, distributed denial of service, etc. Threat actors are looking for the quickest and easiest ways to make money.

BIZTECH: What are the best tools that security professionals have at their disposal right now?

RIDGEWAY: The tools chosen by any organization must be tailored to handle the threats that they face, to align with their overall security philosophy and to address fundamental concerns of protecting the confidentiality, integrity and availability of critical data and assets.

One of the best assets businesses have is a properly educated workforce that can identify threats such as social engineering, phishing or malicious emails. These are common tactics threat actors use, and a vigilant workforce that reports threats effectively can significantly increase the efficiency of a cyberdefense team.


Security professionals should also be deploying data analytics, overlaid with cultivated and vetted threat intelligence and sound workflows that allow for timely and effective response actions. Automation and orchestration are key components, but all alerts and triage actions need to be conducted by a trained analyst with intimate knowledge of the organization’s network.

BIZTECH: Beyond hackers, are there other obstacles facing businesses when it comes to protecting their networks?

RIDGEWAY: There continues to be a shortage of cybersecurity professionals, which leads to a competitive recruiting environment where top talent can be lured away from an organization. Depending on the resource being lured away, a significant amount of institutional knowledge may leave also, leading to deterioration in a team’s effectiveness for a period of time. That’s why it’s so important that organizations cross-train and mentor junior personnel in the event that resources leave. All organizations should have succession plans in place, and security programs should establish and document repeatable processes, procedures and playbooks to ensure continuity of operations.

Employees are one of our front-line defenses and one of our most vulnerable sources of exploitation by threat actors. It’s important to train employees to recognize and report suspicious phishing emails. It is challenging, as the threat actors utilize social media to craft tricky and sometimes personalized phishing schemes. Creating a training program that utilizes different phishing scenarios that educate employees on how to recognize and report suspicious activity is an important part of a successful security program.


BIZTECH: What do you see emerging, techwise, that’s starting to help in the battle to protect data? Artificial intelligence? Automation?

RIDGEWAY: Organizations do not have an unlimited supply of resources. The nature of cyberdefense involves numerous events of interest that could eventually become incidents. Automation of repeatable, easy-to-resolve issues frees up an organization’s valuable cybersecurity resources to focus on the more difficult investigations of anomalous activity. Automation allows organizations to focus on identifying the new and emerging threats as opposed to devoting resources to everyday issues.

Artificial intelligence is still immature in the security space. Many cyber professionals are skeptical and taking a wait-and-see approach. Predictions are that it will eventually become a mainstream foundational element for cyberdetection and defense.

BIZTECH: Do you have any advice for IT professionals in smaller companies about maintaining data security with limited resources and few dedicated security professionals?

RIDGEWAY: The first thing that any organization should do is identify the most important data and assets it has and prioritize mitigation techniques around the protection of these crown jewels.

Organizations face a vast number of threats, and in a perfect world, as security professionals, we would like to say we can stop any threat targeted at us. However, with limited resources, it is imperative to prioritize what is most sensitive and what could have the largest impact on revenue and business continuity.

There are many managed services that can provide protection to small organizations. A managed service can afford to hire expert talent and deploy advanced systems. This spreads the costs among many organizations. This is the most economical way that smaller organizations can have top talent and defenses at an affordable cost.

Additionally, small organizations should leverage sharing communities as much as possible and collaborate with peer institutions and government agencies.

Threat intelligence shared among these communities is timely, relevant and purposeful, allowing organizations to protect critical systems and assets from cyberthreats. There are many organizations that are free, such as the FBI’s InfraGard program, and state-run organizations, such as the Rhode Island State Fusion Center.

Photography by Jason Grow
Nov 13 2018
