Date: Wednesday, October 17, 2018
Location: Miami Airport Hilton, 5101 Blue Lagoon Drive Miami, FL 33126
Moderator: Guillermo A. Benites, SFBI President, Vice President of Financial Services for United Data Technologies, Inc. (UDT)
Panelists: Jeremy W. Smith, Director Division of Financial Institutions, Florida Office of Financial Regulation
Sergio Piñon, Senior Vice President & Director of Security, Ocean Bank
Tom Neclerio, Senior Vice President of Security Services, United Data Technologies
Michael Jimenez, Partner, PAAST P.L. / Genesis Systems Consulting, LLC
(Miami, FL)- One of the most anticipated panels of the 2018-2019 South Florida Banking Institute calendar year took place on Wednesday, October 17, 2018. Guests filled the halls at the Miami Airport Hilton Hotel looking forward to the Cyber Security Panel. The panel was led by Guillermo A. Benitez, SFBI President and Vice President of Financial Services for United Data Technologies, Inc. (UDT). Panelists included Jeremy W. Smith, Director of Division of Financial Institutions of the Florida Office of Financial Regulation, Sergio Piñon, Senior Vice President & Director of Security of Ocean Bank, Tom Neclerio, Senior Vice President of Security Services of UDT, and Michael Jimenez, Partner of PAAST P.L. / Genesis Systems Consulting, LLC. The event began with a cocktail hour, sponsored by UDT, Compuquip Security, and Ocean Bank.
Opening remarks were made before dinner and panel by Guillermo A. Benitez as he introduced Connie Laguna, President and CEO of Center for Financial Training Southeastern. Laguna discussed her role and student recruitment within the Cyber Security programs offered at Financial Training Southeastern. For more information on Center Financial Training Southeastern please visit www.cftse.org. SFBI Board Director Oscar P. Ortiz followed the opening remarks as he provided awareness on nonprofit organization SebastianStrong. SebastianStrong is an organization founded on the late Sebastian N. Ortiz (Oscar Ortiz’s son) in order to raise awareness and funds in the race to cure childhood cancer. For more information on SebastianStrong, please visit www.SebastianStrong.org
After dinner, Benitez began to moderate the panel in question to the current cyber threat landscape. Sergio Piñon led the conversation with information gathered from the National Cyber Strategy released by the Office of the President on September 2018. He discussed that the National Cyber Strategy is based on the following 5 main goals:
- Defending the homeland, protecting networks, systems, functions, and data
- Shared responsibility with Private sector
- 17 Critical sectors identified
- FBI Primary Responsibility
- InfraGard Partnership
Piñon also explained that the Financial Sector is comprised of 76% of cyber attacks, with cloud services coming a close second, and email phishing being the preferred method of hackers. In 2018, Banking and Credit Unions suffered 67 breaches and 1,680,722 records were compromised. Banking and Credit unions represent 12.8% of all breaches YTD (as of 06/04/18, total breaches=522, and 17,504,029 records have been exposed). As of 10/16/18, hackers have attempted 553 attacks to gain entry. Out of the attempts, the most popular techniques hackers have used include email phishing, weak web security, exploitment of application vulnerabilities that are not patched, and the garnishment of administrative credentials.
Jeremy W. Smith focused on providing information on resources available on the topic of Cyber Security. Smith explained that is is very important that everyone in your organization understands the responsibilities they have and do not have when it comes to cyber security. He explained that there are programs and training available for all members of an organization-from Board member to client. It is the organization’s responsibility to set policies in place, to monitor, and to keep members accountable. Some things financial organizations should keep in mind when outsourcing a third party cyber security management provider are:
- The structures involved and in place with both the institution and third party provider
- The appropriate terms that meet your organization’s cyber security requirements
- Remember that you are outsourcing a function, but the risk still remains
As the panel discussion continued, Michael Jimenez examined key statistics on actors and assets from data breaches. According to the 2017 Data Breach Investigations Report results, Jimenez explained that the largest external actors are organized crime and largest internal actors are system administrators. Top assets breached were database servers, followed closely by POS devices. Amongst these data breaches, personal customer data was the largest variety stolen, with breaches occurring primarily though stolen credentials. Jimenez discussed the importance of key controls that should be mandatory in your institution:
- The removal of local administrative privileges
- Continued awareness and education
- Continuous control monitoring and auditing
- Patch management
Tom Neclerio concluded the evening with statistics involving cyber security attacks. It only takes 2 hours time to breach, global dwell time is 101 days, and 66 days time to contain. Neclerio explained that dwell time has reduced currently due to improved security analytics, threat intelligence sharing, SIEM/SOC Investments, enterprise encryption, and incident response process. The average breach cost increases by 75% if not contained within 30 days. SFBI President Guillermo A. Benitez concluded the evening event via question and answer with audience participation.
