The world is evolving. The proliferation of digital devices, mass migration to the cloud, and a rising tide of data is changing the nature of the enterprise. In few verticals is this truer than the banking and finance sector. Bank vaults piled high with paper money are being replaced by digital vaults, in-person meetings at a local branch are giving way to 24/7 mobile banking solutions, and major banking houses are facing serious competition from a new generation of digital-only ‘challenger banks’. Digital transformation means new opportunities, greater efficiency and insight into the business ecosystem, but every paradigm shift brings new challenges. According to the Ninth Annual Cost of Cybercrime Study, released in March 2019 by Accenture, the methods, targets and impact of cyber attacks is evolving at an accelerated pace. In 2018, the report found, the average cost of cybercrime to companies rose by 12% year on year to US$13mn.
“We appreciate that this is the new world; things are changing and they're changing very, very quickly,” says Cory Gould, Chief Information Security Officer (CISO) at Canadian Western Bank (CWB) Financial Group. “20 years ago, we were concerned with things like debit skimming - manual, tactical ways of committing fraud. Now, the proliferation of digitization and the sheer accessibility of financial services remotely and somewhat anonymously is certainly driving the rise of cybercrime. We've seen a significant rise in the levels of organization, structure and sophistication of these threats.”
One of the youngest banks in Canada, CWB Financial Group is headquartered in Edmonton, Alberta and positions itself as the top choice for Canadian enterprises in search of expert advice delivered through a relationship-based approach. “Our size provides us with a level of agility that is allowing us to respond to change in the industry,” says Gould, who started at CWB Financial Group in 1997, and became the first CISO in the bank’s history in December 2018. “The financial industry has been fairly static for a century. Over the last 15 years, however, we've seen a real shift in the demands of our clients. Traditional banking isn't fitting the bill anymore,” he explains.” We sat down with him to explore the approach Gould is taking towards neutralizing cyber threats to CWB Financial Group as it continues to grow at an industry-leading rate (recently surpassing the $30bn total asset milestone for the first time) alongside the global digital banking revolution.
“We’re on the cusp of something really special,” enthuses Gould. “Increasingly, we’re being recognized for the value that we bring to our clients.” As the first CISO in CWB’s history, Gould is part of a bold and innovative shift in the bank’s own culture. A crucial success factor, he explains, is establishing an enterprise architecture in which security methodology is embedded at the initial stage. “It’s a really big win and, I think, critical for an organization as they move forward,” says Gould, admitting that CWB Financial Group had experienced challenges maintaining strong relationships between security and leadership before, “because we didn't have a senior dedicated role for information security. It’s 2019. Nobody is going to deny the need for security, but it's very easy for security to take a backseat in the wake of rapid change. Now, we have a senior security leader out in the organization, pounding the pavement and building relationships with key decision makers, positioning us to be much more proactive with respect to security.”
This closer, more collaborative relationship with the enterprise and technology side of CWB Financial Group is also driving a shift in the philosophy of the security side of the business. The traditional role of a security division as a deterrent, Gould explains, simply isn’t the best way forward in the modern world. “Gone are the days when security just pounds its fist on the desk and says ‘No! Come back later.’ That’s not practical in the digital world we live in.” The rapid advancement of technology is at the center of CWB’s progress, and Gould’s mantra of “enable not deter” reflects it. Technology, he contends, may be creating both business and cybercriminal opportunity, but it is also enabling and empowering security. Stronger relationships between the security and business elements of CWB Financial Group is at the core of this. “Our ability to sit at the table with the business, talk through their needs and challenges, and offer up technology solutions we know are inherently secure, brings to them functionality and capability they've never had before,” Gould explains.
Rapid and ongoing digital transformation has become the day to day reality for any enterprise seeking to stay abreast of the information revolution. Gould recognizes the power of employing technology to automate day to day operations in an institution, as well as process data to generate the kind of insights that lead to high-level decisioning. The key to both applications is artificial intelligence (AI) and machine learning. “One of the key things to enable is machine learning. We are absolutely neck deep in data and analytics like everyone else on the planet. The more dependent we, as an organization, become on our data and knowledge, the more it becomes currency. So, we're using it within our information security program to gain intel and understanding,” Gould explains. In addition to boosting the detection and insight gathering capabilities of CWB’s security department, AI and ML is set to play a key role in automation. “Like any other position in IT, there are the necessary evils of day-to-day operational activities,” Gould notes. “With those ongoing, almost mundane tasks that we have to perform, there is the risk of human error. Any time that you can remove that day-to-day work that just needs to be done from very capable resources and have them focus on the big picture, it’s valuable.”
Striving for a near-perfect security architecture is no mean feat, and Gould recognizes that CWB Financial Group cannot stand against the rising tide of cybercrime alone. “We rely on strong partners who have a genuine interest in our success; FireEye is one of those partners. FireEye sees the world of Cyber Security through the eyes of active threat actors. It is this relevant, real world experience that is assisting CWB Financial Group in meeting our Cyber Security objectives,” he explains.
Every year, driven by experience, artificial intelligence and increasingly sophisticated software, cybersecurity solutions reach closer and closer to infallibility. “With the inception of AI, ML and all of the things that we're able to do with technology today, there's a lot that can be prevented." However, as technology grows more sophisticated, the most common vulnerability for an organization grows more obvious: the human element. According to Accenture’s report, “Whether by accident or intent, many employees are often the root cause of successful cyberattacks.” While security systems and protocols can be updated and tweaked on a daily basis, Gould points out: “You can't patch humans. Humans are vulnerable, passionate and intellectual; they don't think in terms of bits and bytes and ones and zeros, so people make mistakes and we recognize that.” In order to shore up this potential weak point, Gould is turning to the flagship skill in his arsenal: relationship building and management. “It wasn't until one of our more recent and most significant initiatives that we really recognized how important change management is,” he recalls. “Now, one of the most critical tools in our security toolkit is our User Awareness Program. We spend a lot of time with the organization educating, bringing about greater awareness. We know that we will never be 100% in that area but will continue working with the business and our internal clients to keep security at the forefront of the way CWB Financial Group operates.”
The threat of cybercrime is only expected to rise, and the constant arms race of technology, training and relationship building shows no signs of slowing down. Looking to the future, Gould has the responsibility of ensuring that CWB Financial Group remains agile and responsive, even as it continues to scale. With phishing and ransomware replacing cheque fraud and men with guns in balaclavas, Gould and his team are on the front line, protecting CWB Financial Group as it strives towards greatness. Reflecting on over 20 years at the bank, Gould looks ahead filled with confidence and optimism. “As an organization, we pride ourselves on listening intently and asking the right questions to provide our clients with the right financial solutions. We are obsessed with our clients’ success and our proactive approach to supporting them, and we are obsessed with ensuring that the information they entrust us with remains confidential and secured,” he says. “It's a bold vision but I think it's achievable. I've spent my career here and I can honestly say that when this group of great individuals puts its mind to something, there's little that gets in the way.”