Wave Systems Corp. (fka WAVXQ)

[Genz2]

At USAA, cybersecurity is a ‘24/7 problem’

https://www.expressnews.com/business/technology/article/At-USAA-cybersecurity-is-a-24-7-problem-13376369.php

Amid a raging cyber war, USAA’s cybersecurity experts must be on the defense at all times.

At the Cyber Threat Operations Center, located inside the bank’s headquarters in San Antonio, they are always monitoring attempts by cybercriminals to gain access. Teams focus on detecting threats, analyzing them, looking for vulnerabilities and reverse engineering malicious software. There’s someone on shift around the clock.

An electronic map on a wall in the center lights up with yellow arcs showing the millions of attacks against the firm on a daily basis. They come in from all over the world.


On a recent weekday, there were more than 12 million in a 24-hour period. Gary McAlum, chief security officer at USAA, said he’s seen that figure get up to 20 million.

“We look at security as a 24/7 problem,” he said. “The problem of cybersecurity never gets solved. It just changes and morphs continuously.”

Financial institutions have always been appealing targets for thieves, but the frequency and sophistication of cyberattacks has contributed to a sense of urgency. Hackers have unlimited times and resources, McAlum said. At USAA, “we live in a state of what I call healthy paranoia,” he added.

Along with financial implications, breaches can tarnish a company’s brand.


The average cost of cybercrime in the financial services sector was $18.28 million last year, according to a study by Accenture and Ponemon Institute. It was the highest figure among the 15 industries the groups looked at.

In a 2017 report, the U.S. Department of the Treasury listed cyberattacks as one of the main threats to the industry. “Financial firms are connected through complex, interconnected networks,” the authors wrote. “Disruptions to the operations of a key institution in the financial system could be transmitted through these networks and lead to a systemic crisis.”

Financial firms are getting better at preventing attacks, another report by Accenture found. They surveyed more than 800 security professionals from the financial services sector and found that companies stopped 81 percent of breaches between Feb. 1, 2017, and Jan. 31, 2018, compared with 66 percent for the 12 months prior to that time period.

However, more than 40 percent of breaches on average went unnoticed for over a week, they found.


“Financial services firms are converging to a level of mastery when it comes to the security status quo, including their cyber resilience and response readiness,” Chris Thompson, global security and resilience lead for financial services at Accenture Security, said in a news release. “But as business technology evolves, so too must cybersecurity. The new technologies that banks and insurers are embracing — including cloud, microservices, application programing interfaces, edge computing and blockchain — will create new security risks, especially as cyberattacks evolve in sophistication.”

USAA had a net worth of $30.6 billion and more than 12 million members last year, according to its annual Report to Members. The firm has the dual responsibility of protecting its enterprise, which includes employees, servers, mobile devices, computers, data and the supply chain, as well as its members and their digital interactions, McAlum said.

“You have to respect the threat because they have unlimited resources and every advantage,” he said. “If you ever think you're better than the threat, you get complacent and careless.”

The organization and other financial institutions see an assortment of attacks, from large-scale bot attacks to phishing sites to different kinds of malware, said Joe Arthur, USAA’s executive director of information security engineering and cyber operations. The firm does penetration testing, both standard tests and unannounced ones to see how employees respond to simulated attacks, and provides training for employees.


One of the six teams he leads focuses on threats that didn’t manage to get in, looking at who might be targeting the organization and how they can detect them.

“How do we understand the latest tactics and techniques that are out there that are used by attackers, and then how well-positioned are we to defend against that sort of attack?” Arthur said.

The biggest challenge on the consumer end is authentication, McAlum said.

The main way to verify someone’s identity currently is through knowledge-based authentication: People have to enter a user ID and a password and possibly answer a few security questions.
==================================================================
When I see articles like this and the immensely positive impact Wave could have on USAA and others, and USAA is only an hour and half away, one conversation with the right person could have Win-Win benefits to USAA and Wave! And USAA isn't the only financial services company running its cybersecurity this way.
==================================================================
Some important links for those interested in Wave:

https://www.wavesys.com/products/wave-virtual-smart-card

The white paper:
https://www.wavesys.com/virtual-smart-card-2.0-from-wave

https://www.wavesys.com/buzz/pr/wave-announces-5-year-master-license-agreement-virtual-smart-card-20-leading-global

Wave Announces 5-Year Master License Agreement for Virtual Smart Card 2.0 with Leading Global Financial Services Company

Wins competitive evaluation against market leader in two-factor authentication tokens

https://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management