National Cybersecurity Awareness Month was created in 2004, designated for each October, and is one of the many ways financial institutions engage and inform customers about modern-day cybersecurity attacks and how to avoid becoming victims.
It’s also a passion point for PNC’s Head of Enterprise Technology and Security Deborah Guild. One could even say that she was destined for her current role, given her family’s history. Her grandfather, Lawrence Quackenbush, was an examiner for the Federal Reserve, a role Guild says he took “incredibly seriously,” especially after the Great Depression.
“He saw and taught me the importance of protecting the American financial ecosystem,” said Guild. “I inherited that protective gene from him. His experiences really resonated with me at a young age. Like him, I’m extremely passionate about the importance of being a part of the ecosystem that protects our ability to live our lives.”
As the month officially kicks off, Guild and her team will continue to leverage their passion for and extensive knowledge of best cyber, fraud and physical security to inform clients on not only existing threats that have emerged, but also to provide tips to help show clients how they can protect themselves.
Guild shared her thoughts around the importance of National Cybersecurity Awareness Month, how her team approaches security both during the month and year-round, how the fraud and overall cyber-attack landscape has changed, and where it is heading in the future.
Can you talk about the importance National Cybersecurity Awareness Month, and what it means to you and the bank’s clients?
I’ll start with the bank’s clients. This month is about continuing to build trust in the financial ecosystem. Everybody needs to play their part to build that trust for our clients. Creating educational moments for our customers is huge, because over the course of time, people tend to get lax about what I call “cyber hygiene”. You don’t want to just talk about fraud prevention only when you have a problem. When we raise our children, we talk to them about the importance of other elements of hygiene, like flossing your teeth. While it’s a pain, it’s important to do! The same thing applies to financial health, and the key to financial health is making sure you’re protecting yourself and your loved ones from cyberattacks and fraud.
PNC is placing an emphasis on the changing fraud landscape in all aspects, including digital and physical security. Can you expand on why it’s doing that?
We wanted to converge fraud, cyber and physical security. This isn’t just during this month. It’s also how our team is structured. The reason we did this is because there’s a symbiotic relationship between the three areas. A lot of the threat actors who would seek to disenfranchise our customers from their money are using cyber tactics to do so. They’re using things like social media to recruit participants in nefarious activities. However, those activities show up at some point physically. There’s always a physical aspect of where the cybercrime is perpetuated. To be able to triangulate between those three domains strengthens our program. It also attracts and retains top talent, ensuring that we’re able to look across those three domains and continue to build trust in PNC’s ability to help protect the U.S. financial ecosystem.
What is your team’s overall approach to helping customers protect themselves year-round from modern-day threats?
Never has customer education been more important. Scammers have pivoted from these bold attacks on the financial infrastructure to attacks on the consumer. This can show up in the form of a phone call, with someone on the other line saying that there was a fraudulent transaction on your account. Or in a text that scares the customer by telling them their account has been compromised and asking for their credentials. These scammers have observed different emotional heartstrings and different personas. They’re tailoring their techniques and leveraging automation and other technology that’s commonly available. That means the consumer awareness and education is a huge part of the defensive ecosystem. It’s not the only thing we depend on. However, the best defense is customer awareness. Customers need to be savvy to common tactics, so they can protect themselves. That applies to every domain in security. One of my team’s phrases is “Together Building Trust”. We can’t do this without our customers. Financial fraud has been around since 300 B.C., when a Greek merchant tried to sink his ship, keep the money he was given from an insurance policy, and sell the ship’s cargo that was supposed to be given to the lender if the loan wasn’t paid back. He failed in his attempts, but the bottom line is that fraud isn’t going anywhere. So, we need every part of the ecosystem to look out for each other.
Can you talk more about what drove you to this field and why are you so passionate about cyber and physical security?
My grandfather’s legacy is what lit the initial fire for me. I certainly continue to have a natural curiosity about how we can keep protecting our customers as the threat landscape evolves. I’m also passionate about what banking means to the American Dream. I participate in the Better Identity Coalition, which brings together companies to promote education and collaboration on protecting identities online. The ability to prove who you are is important. Especially now, the ability to digitally prove who you are is extremely important. If you’re not able to do that, you can’t get banking products. That passion also speaks to part of the reason why I’m at PNC, which is because of our Main Street Bank philosophy. I like the fact that we are helping Main Street America get access to quality banking solutions, and we are helping them safeguard those solutions.
How has the fraud landscape changed in the past few years, and where do you see it heading?
Every 18 months, the rate of attacks doubles. This is because of the “real time” concept. That applies to scammers and their tactics. Tactics occur in real-time now. They happen on Instagram, Twitter, and many other platforms. That amplification is real time. The ability for us to prevent those attack, also in real time, it’s predicated on us understanding normal customer behaviors. If we understand that, we can spot unusual customer behavior and give customers more control and a chance to stop fraud attempts quickly. Moving forward, attacks are going to continue to increase. We need to leverage our technology to save customers time and money.