Contribution of IT managers must be part of risk management plan, says Wells Fargo executive
Increased security risks can prevent businesses from investing in emerging technologies, but staying on outdated systems can put businesses at greater risk. Mandy Norton, Senior Executive Vice President and Chief Risk Officer of Wells Fargo, said at the Lesbians Who Tech & Allies Debug 2020 summit on Wednesday..
Managing that balance hinges on a holistic view of risk management that includes IT leadership in the conversation, Norton said.
To create the integrated view necessary to protect the business, IT leadership must translate the technology language and risk to the broader executive audience, Norton said.
“It’s really, really important to think of our risk management holistically because you can’t think of managing credit risk, fraud risk, or market risk without incorporating technology,” Norton said. “We are essentially a large technology company providing financial services. “
When Apple Pay was launched, the financial services industry suffered from a lack of holistic management, Norton said. Despite Apple Pay’s security benefits, users could expose credit card information to malicious actors when they transfer credit card information to Apple Wallet, according to Norton. The lack of end-to-end management and process communication created risks.
This is part of the reason why cybersecurity management keeps Norton from sleeping at night. Comprehensive risk management at Wells Fargo doesn’t mean the bank can keep every partner safe. Actors can target financial management applications to which Wells Fargo customers have handed their credentials, ultimately providing an avenue of attack.
“There can be gaps and that’s why you absolutely need to think about your end-to-end process,” Norton said. “Back to this holistic risk management: think about every step of the way. “
However, the benefits of innovation outweigh the risks, Norton said.
“We have great firewalls, but the ‘bad guys’ keep developing their technology as well, so you always try to keep up to date with all the ways that scammers can contact us. ” she said.
Innovate to reduce risks
A spark to innovate ignited during the COVID-19 pandemic. Customers flocked to digital services when they could no longer do in-person banking transactions, and Wells Fargo has relied on innovative technology investments to continue providing support, Norton said.
Cloud computing underpins the way businesses do business today, but there is little regulatory guidance on how to protect businesses and customers from threats in the cloud, Norton said. However, not taking that risk would put Wells Fargo behind.
A company-wide system failure last year showed Wells Fargo the importance of modernization and innovation. TThe bank had to rely on data center backups to ensure business continuity when smoke detection led to automatic shutdown of the power supply in February 2019. Customers could not access online bank accounts, and this increased the urgency to invest in modernized business solutions.
Beyond these services, Wells Fargo sees innovation as a necessary means of protecting company and customer data.
“If we don’t innovate, we won’t be able to protect ourselves and fight against the threats and risks that exist,” Norton said.
Emerging technologies also have the power to improve cyber posture by monitoring the threat landscape. Artificial intelligence and machine learning algorithms can look for fraudulent activity for early detection and mitigation, Norton said.
If Wells Fargo has not updated to the latest technology and all other space companies have doneWells would become the weakest link in the chain and an attack target, Norton said. “It’s really about who has the strongest strategy, and if you don’t continuously innovate and improve… you will be the one who will be hit the hardest,” she said.