
5 Minutes With

Strengthening financial service cybersecurity

By Rachelle Blair-Frasier, Editor in Chief

July 17, 2023

Maintaining security systems at financial institutions is top of mind for a lot of security leaders. How can bank security teams harden networks against cyberattacks, or maintain security during a hybrid-cloud migration?

Here, we talk to Ross Hamilton, Chief Information Security Officer at banking and payments infrastructure provider Episode Six.

Security: Tell us a bit about your security background.

Hamilton: I’ve been in financial services for about 20 years, working in technical roles with operational security elements. Since around 2010, I’ve worked in more formal security leadership capacities. Episode Six (E6) — the banking and payments infrastructure provider where I’m the Chief Information Security Officer — is the third fintech I’ve worked with. E6 is a U.S.-based company with a global footprint, so I enjoy the elements that come along with this.

In my current role with E6, I have overall responsibility for both the security of corporate IT and also our globally distributed payment service. Our cloud service operates in multiple regions, serving clients in many countries. It’s an interesting opportunity to work with these multiple regulatory environments and to ensure we’re doing the right thing by our customers.

I’ve always been interested in the security implications of everyday activities, and my educational background is in computer science. Being involved in running computer systems for many years has led me to be deeply invested in the security of systems that process people’s data. I don’t just do this because I enjoy it; I do it because I want people to feel confident that their data is safe.

Security: What cybersecurity threats are most commonly facing banks right now?

Hamilton: In one sense, we all face similar threats. Every bank — and most companies for that matter — has to deal with the baseline level of pain that comes with email phishing, ransomware attacks and similar threats.

For banks specifically, they also have more unique, targeted issues because they are considered to be high value to bad actors. That includes targeting everything from computer systems to personnel. Because of a bank’s role within the larger financial ecosystem, persistent threat actors may go after them to try and achieve longer-term, higher-impact objectives.

Drilling down further, when it comes to smaller financial institutions, like community or regional banks and credit unions, the threats can vary compared to big banks. Smaller players may be more likely to be targets of ransomware attacks where actors aim to deny access to computer systems to achieve a payout that they know is often covered by insurance. Big banks are more likely to be targeted by actors with ambitious goals of destabilization.

Regardless of size, it’s crucial that banks take a multifaceted approach to cybersecurity, especially at a time when various threats can lead to larger-scale financial crime. All banks are exposed to a variety of fraudulent intent through their electronic channels.

Security: How can bank security teams harden their networks against cyberattacks?

Hamilton: I look at it more as establishing a robust information security program rather than simply securing a network. Of course, there are industry best practices that apply across the board, but banks should avoid a check-the-box approach and instead invest the time to understand the specific threat landscape that applies to their institution. From there, they can drive toward mitigating those risks.

Key to a cybersecurity program is risk management, so banks need to maintain a comprehensive risk register. It’s not just about one security-based task but rather a broad array of activities that operate on an ongoing basis. Maintaining a risk register is a big part of this, as is vulnerability management at a more tactical level. Banks really need to understand their technical system — like auditing software, where to set strong passwords, keeping systems up to date, etc. All of this can be tracked through a vulnerability management program.

Another important consideration is segregating the different parts of their systems. That way, in the event of a compromise, it can be contained to avoid a catastrophic event.

The last thing I’ll say is that employees really are the first line of defense. Attackers are going to go after employees; they’re going to send them phishing emails, and in the age of social media, they’re even sending messages on LinkedIn. Making sure employees are well-educated is key to ensuring systems remain secure. Part of this is establishing awareness and trust so people know who the security team members are and that they can be approached with issues. The last thing a security team should want is an employee who is too fearful to admit a potential error. Approachability is key.

Security: For organizations yet to migrate to the cloud, can you share some tips for maintaining security during a cloud or hybrid-cloud migration?

Hamilton: As an organization migrates to the cloud, it’s unlikely the end state will be exclusively cloud-based. Rather, a hybrid model is more common because banks will still have people in back offices, and some infrastructure requires physical presence. Security officers should view the cloud as extending the security program that is already in place.

When planning the move to the cloud, banks should consider all of the different phases for migration. Then, conduct a run-through of the risk register for each of those phases. Consider how the changes being made alter the exposure to risk — either by introducing a new risk or changing an existing risk. Each scenario should be reviewed ahead of time to avoid having to react in the moment. Preparation is crucial.

Another thing for banks to consider is business continuity planning. If a migration is happening over time, make sure that your bank not only has a robust business continuity and disaster recovery plan in the end state, but also a way to keep the business online if a service goes down during any point in that migration. Planning to manage failure all the way through better equips the team to deal with any potential challenges before they arise.

Finally, if a bank is working with a cloud vendor, be clear on responsibilities. Traditionally, a bank has been entirely responsible for managing security controls. In the public cloud, many security controls operate on a shared responsibility model. For example, take a basic control like a firewall. The cloud provider and bank both have a responsibility to configure it in order to work correctly. The cloud provider will take care of infrastructure maintenance, but the bank needs to configure appropriate policies for the control to function correctly.

Even with cloud security controls being listed in a provider's assurance report, banks and others still need to understand their responsibility for it to operate effectively. Be sure you understand what you’re getting from the cloud. For this, communication is key.

Rachelle Blair-Frasier is Security magazine’s Editor in Chief. Blair-Frasier handles eMagazine features, as well as writes and publishes online news and web exclusives on topics including physical security, risk management, cybersecurity and emerging industry trends. She helps coordinate multimedia content and manages Security magazine's social media presence, in addition to working with security leaders to publish industry insights. Blair-Frasier brings more than 15 years of journalism and B2B writing and editorial experience to the role.
