I am sure many of you have used the Waze mobile app for navigation as you have traveled around our great state of Texas and elsewhere. I find it to be one of the most useful applications to use while on the road, be it a short trip around town or across the state.
For those who don’t know what Waze is, simply put, it is a navigation application that can help you get from point A to point B similar to Google Maps or the old school maps such as National Geographic or Rand McNally we used before technology changed our road trips forever. I personally miss pulling out that big 3’ x 5’ map and looking at all the places we would pass through on summer trips.
I digress. You might be asking what Waze has to do with cybersecurity. Well, Waze is not just a map of point A to point B. It has many features that can help you get there safer, quicker and avoid hazards along the road. Let me make a comparison of Waze and cybersecurity that will help put it into better context.
Wouldn’t it be nice if we ... continuously informed each other about the cyber-hazards we might be seeing?
A collective defense effort
With Waze, app users help each other by pointing out hazards, obstacles and useful tips to make your route more efficient or warn you of potential problems ahead. Users can identify if there is heavy traffic ahead with varying levels from moderate to standstill. They can identify if there has been a crash ahead and the severity of it, or if there is a hazard in the road or beside the road and the type of hazard it is.
Wouldn’t it be nice if we — from the board directors to cybersecurity practitioners to employees — continuously informed each other about the cyber-hazards we might be seeing? We call that Collective Defense in cybersecurity. You may have heard GEN Keith Alexander, founder and co-CEO of IronNet Cybersecurity Inc., mention that term at the recent Texas Bankers Association Convention. Board directors could discuss what cyber best practices are working at the other companies they help govern, then instill those at their shared company. Practitioners could inform each other of the latest threats each is facing, and so on, creating a cyber warning system.
Cybersecurity has ‘roadmaps’
As mentioned above, Waze users are telling other users about hazards on the roadways. Sometimes these roadways become blocked requiring one to take an alternate route instead of sitting in traffic for hours. They can even tell other users about weather hazards such as hail, fog or ice. These are helpful tips to let other drivers know to slow down or perhaps take an alternate route.
Employees and cybersecurity practitioners should practice more of this type of helpfulness. Imagine if you all were getting a phishing email — a real one, not an exercise (though both reactions should be the same) — you could lean over to your office mate or fellow teller and say, “watch out for this phishing email, it’s a scam.” Cybersecurity practitioners could do the same. If Bank A is looking for a new security tool, they could reach out to fellow bankers and partners alike, ask for their opinion on particular products and help cut down on precious time that so many of us are in need of.
This type of helpfulness — whether it is an employee, a cybersecurity practitioner or a standard that companies should be using — could really help the efficiency and security posture of all Texas banks.
Cybersecurity has multiple types of users
Waze has multiple types of app users such as families on vacation, truck drivers, police or individuals all going to and from, and all trying to do it in the most efficient and safest manner possible. Waze users are warning others of hazards, what the actual hazard is such as a car on the side of the road or simply consuming what other Waze users are providing.
Cybersecurity is very much the same. Texas banks have employees who are consuming what their internal security or technology team is providing and sometimes participating by warning others of the potential cyber hazards. Banks have cybersecurity practitioners who are giving it their best day in and day out to help keep their bank free from threat actors or breaches. Also, Texas banks utilize trusted partners to lean on to provide cybersecurity expertise and solutions that range from fraud services to vCISO services and products from endpoint security to training.
In closing, October is Cybersecurity Awareness month. It is important for all of you to know that just like in Waze and navigating roadways, you play a role in cybersecurity. Your role can be that of the consumer who occasionally warns others of a cyber hazard, the board member setting the tone about the importance of a strong cyber culture or the practitioner who is heavily involved in protecting your bank. Partners, whether a vendor providing a solution or a trusted advisor to a bank play a key role as well. If we practice cybersecurity in a more collective manner, each one of us will be more equipped to protect customer data and shareholder value of all Texas banks.
Marc Crudgington is the CEO, Founder, vCISO of CyberFore Systems Corporation, a cybersecurity solutions and services consulting venture founded in 2018. He was the Chief Information Security Officer, SVP Information Security for Woodforest National Bank from August 2012 – June 2021. CyberFore Sysytems is TBA Associate Member and Trusted Advisor to the TB-ISAO.