- Roman Medina, CISO at Jefferson Bank, identifies social engineering and impersonation attacks as key cybersecurity threats in 2024.
- Medina highlights the importance of customer education and awareness in combating these cyber threats.
- The CISO also discusses the role of artificial intelligence (AI) tools, the management of legacy systems, and the selection of cybersecurity tools in the bank’s security strategy.
In an interview with Augustin Kurian of The Cyber Express, Roman Medina, Senior Vice President and Chief Information Security Officer (CISO) at Jefferson Bank, expressed his insights and strategies to counter increasing cybersecurity threats in the banking sector.
Medina anticipates that the main threats in 2024 will be social engineering and impersonation attacks, which exploit human psychology rather than technology. He observes an emerging trend where cyber fraudsters, instead of directly targeting banking systems, focus on fooling bank customers into revealing sensitive information. As such, Medina emphasises the need for customer education as a vital part of a defensive strategy against such tactics.
Along with customer education, Medina also emphasizes the need for enhanced technological defenses against sophisticated attacks, such as those targeting multi-factor authentication systems. Aware of the evolving tactics of cybercriminals, Jefferson Bank is reportedly exploring additional strategies to strengthen cybersecurity.
Medina also brings light to the threat posed by ransomware. More recently, cyber criminals have been shifting ransomware tactics to extortion, meaning banks must now also prepare for situations where sensitive information could be leaked unless a ransom is paid.
Medina discusses the importance of compatibility with existing security architecture when selecting cybersecurity tools. The bank favors solutions that provide clear, actionable intelligence to respond effectively to threats. This approach is dependent on tools that not only detect threats but also guide the response team in mitigating them.
Lastly, Medina speaks of the increased integration of artificial intelligence (AI) in cybersecurity and its potential benefits, such as enhancing employee productivity and being embedded within cybersecurity solutions. However, he underscores that while AI is a powerful tool, understanding how AI models work, especially concerning learning and data privacy, is imperative for successful cybersecurity implementation.
In conclusion, Medina’s insights underscore the importance of constant adaptation and proactive strategies in counteracting the evolving landscape of cyber threats in the banking sector.