Behind a tinted mirror-like partition on a corporate office floor in Cincinnati, a team of defense specialists huddle around flat screens monitoring, reviewing and thwarting cyberattacks by bad actors in far-flung corners of the world.
Welcome to the U.S. Bank Cyber Defense Center, where these highly trained experts process more than 4 billion cyber events daily, springing into action any time they detect an unauthorized attempt to gain access to bank systems. Although Cincinnati is the bank's crown jewel for monitoring and detection, its broader information security services team has more than 600 employees in five countries. To best facilitate 24/7 coverage, for example, the bank opened an additional center in London, England, in 2016.
“We are always on guard with our dedicated security teams monitoring activity around the clock to ensure customer information is protected,” said U.S. Bank Chief Information Security Officer Jason Witty. “Managing cybersecurity is a lot like being a weatherperson, with a major difference in that in the world of cybersecurity there is a new type of weather every quarter and none of the old weather types ever go away.”
We invest in and use state-of-the-art automated tools and protocols to process mundane events, freeing up our defense specialists to nimbly make informed decisions in times of action.
For example, we use orchestration, which works to automate our tools and systems creating efficiencies helping to mitigate cyber threats. And we are investing in machine learning, analytics and artificial intelligence to bring together the massive quantities of data we have to identify and stop cyber threats and fraudulent activity.
One of the ways we stay a step ahead is by introducing and adapting to new technology such as Apple Pay and Samsung Pay tokenized payments solutions. We are creating innovative, frictionless and customer-centric controls. We already offer biometrics for authentication, but are constantly looking for ways to improve that.
In 2017, we rolled out geolocation. With our customers’ permission, we are able to know if the person making a card transaction is the cardholder, based on the proximity of their mobile device. As a result, we’re confirming the validity of transactions and avoiding that dreaded experience of a decline at the point of sale.
A decade ago, we partnered with other financial institutions to form the Financial Services Information Sharing and Analysis Center (FS-ISAC), which today includes 7,000 institutions around the world. When a financial institution experiences an attack, it affects or could affect the entire banking system. These partnerships help stop attacks before they can spread.
Our CISO Witty has seen a number of attacks thwarted during his 20-plus years in the cyber industry. He chairs the FS-ISAC and knows the value of those partnerships. His leadership has led to the implementation of a number of process and systems to better protect customers. In 2018, Witty was voted by his peers as the Information Security Executive® of the Year Award winner for the ISE Central Region.
We are also learning from and building a pipeline of young cybersecurity talent. We have established cyber fellow partnerships with the New York University School of Engineering and the Institute of Technology Blachardstown in Dublin, Ireland. We also offer cybersecurity scholarships in partnership with universities across the country including Northern Kentucky University, University of Washington, the University of Missouri in St. Louis and Whatcom College. And we are participating in STEM programs, robotic competitions and sponsoring middle school age students on app challenges.
In today’s fast-paced, digital first world, preserving and protecting customers’ money is critical for the entire banking industry. Protecting customer information is our highest priority.
Susan Beatty works in public affairs and communications for U.S. Bank.