SECURING A FAMILY-OWNED BUSINESS WITH ST LOUIS’S FIRST BANK DIGITAL REPORT 2022
IN ASSOCIATION WITH:
SECURING A FAMILY-OWNED BUSINESS WITH ST LOUIS’S FIRST BANK
2
first.bank
first.bank
3
FIRST BANK
Marc Ashworth, SVP & CISO at First Bank, discusses his role as a leader at the family-run business First Bank, who are helping local businesses thrive
A
t First Bank, the vision is clear: for now and well into the future, they’re looking ahead to identify every available avenue to help nourish and support family-owned and privately held businesses, regardless of their size or tenure. As a proud, family-owned business with a 100-year-plus history, First Bank specialises in privately held and family-owned businesses, in addition to offering extensive personal and wealth services – so there’s an innate willingness to go the extra mile and partner in their customer’s long-term success. As a fitting example of this, First Bank launched the Center for Family-Owned Businesses to offer tailored resources to serve the unique needs of family business members. The Dierberg family, along with First Bank’s Chairman and Chief Executive Officer Shelley Seifert, remain committed to establishing it as the bank of choice for families and family-owned businesses, now and well into the future, through continued growth and innovation. Part of this service, and perhaps one of the most crucial parts for any business in today’s marketplace, is security – whether physical or virtual. Marc Ashworth is the Senior Vice President & Chief Information Security Officer for First Bank. Under his management remit are four teams: the Networking Support Team; the Information Security 4
first.bank
Example of an image caption first.bank
5
FIRST BANK
Securing a family-owned business with St Louis’s First Bank
“ We refer to our team of colleagues as being family, so it's woven into all that we do” MARC ASHWORTH
SVP, CHIEF INFORMATION SECURITY OFFICER, FIRST BANK
Group; Fraud Team; and Physical Security. With the bank now for four and a half years, he has accumulated over 30 years in the industry. Heritage drives culture at First Bank First Bank, as Ashworth explains, more than understands how best to cater to the needs of other family-owned businesses, as well as their family employees. “The family focus applies to more than just our clients. We refer to our team of 6
first.bank
colleagues as being family, so it's woven into all that we do. And you really feel it when you talk to the owners, as they're really supportive of what you do. It's a lot different when you're with a family-owned business versus just a corporation, in my opinion,” he added. First Bank is uniquely positioned to understand the needs and challenges of other family-owned and privately held companies, due to four generations of reliable ownership that offer the ability and experience needed to help businesses plan for the long term and ultimately thrive in today's environment. The bank offers consistent and high-quality experiences for their clients that cover a range of topics especially geared to family businesses. Ashworth adds: “Whether it's succession planning, tax strategy, family, trust issues, estate planning, and more, we have the experience and expertise to support the family-owned businesses with any banking
FIRST BANK
need. We help family businesses thrive across generations and in ways that go beyond traditional banking products.”
MARC ASHWORTH TITLE: S VP, CHIEF INFORMATION SECURITY OFFICER
Issues in cybersecurity for smalland medium-sized enterprises Ransomware has been a big topic for most businesses in recent times, because of the potential destructiveness. According to Ashworth, even when companies have tried to pay the ransom, they may only get a limited amount back, and this exacerbates the need to build an infrastructure around that major threat, so that you can recover and be protected. “Ransomware in a lot of cases is a symptom of an overall breach, because there's lateral movement going on. So, for me, I'm concerned about lateral movement. We protect against that and stop it or mitigate it as much as possible.”
INDUSTRY: FINANCE LOCATION: GREATER ST. LOUIS, USA Marc Ashworth, Chief Information Security Officer at First Bank, is an esteemed security professional with over 30 years of experience in cyber security, fraud, IT/security, business strategy, project management, author, and a public speaker. He is a board member of the St. Louis Chapter of InfraGard, Co-Founder of the State of Cyber Annual Security Conference, and a Lifetime member of FBI Citizens Academy. Possessing security certifications in CISSP, CISM, CRISC, and Security+, Ashworth currently oversees First Bank’s Information Security Department, Corporate Security, and the Network Services Department.
Client Story Bob Brinkman, Brinkman Constructors
1906 Year founded
Our Vision "To help family-owned businesses, their families and employees thrive through the generations." be with First Bank."
EXECUTIVE BIO
"It's just been a wonderful relationship. They're easy to deal with and they're a family-ownded buisness; they're not a large bank corporaton like some of these people that we've done business with. But it's been a great ride. We'll always be with First Bank."
Segmentation has never been this rewarding Stop ransomware in its tracks. Boost security performance with Akamai Guardicore Segmentation.
Learn more
Akamai prioritises the future demands of cyber customers Steve Winterfeld of Akamai discusses the company’s university-based founding and how it merged into a leading multibillion-dollar cybersecurity firm Akamai was founded following a competition at the Massachusetts Institute of Technology (MIT), entered by its co-Founder and CEO Frank Thomson Leighton—Dr Tom Leighton. Since that time, the organisation has expanded massively, and in the words of Steve Winterfeld, Advisory CISO at Akamai, the company “continues to solve hard problems.” The cybersecurity company plays a critical role for corporations as it focuses on the future, to determine whether threat motivation will change and how to best combat ransomware attacks, state-sponsored DDoS attacks, and ransomware that could turn into wiperware. “Those are real concerns, and we’re keeping an eye out for those. And so we have probably 15 security capabilities backed up by services, responding to customers’ needs and rapidly growing on the edge compute and cloud side.” “We started out with a web application, or as it is more commonly called now, web application and API protection, and expanded into protecting the infrastructure against DDoS to include the DNS infrastructure and recently added internal infrastructure protection and visibility through micro-segmentation,” explains Winterfeld.
Responding to the cybersecurity needs of the customer As an established cybersecurity organisation, Akamai can now focus on what customers need. Winterfeld explains that, in response to its clients’ feedback, the company has been acquiring the necessary assets and tools to fulfil those needs with the recent purchase of Guardicore. Guardicore’s leading microsegmentation products will be added to Akamai’s comprehensive portfolio of Zero Trust solutions to protect enterprises from damage caused by breaches like ransomware, while safeguarding the critical assets at the core of the network. “We bought Linode, which is a cloud provider. And so now we have an integrated platform to build and perform on as well as secure.” A prime example of Akamai’s ability to meet customer demands, particularly in high-risk environments, is its partnership with First Bank, which is “very concerned about its real-time visibility into its network. We’re partnering with them on a software-based microsegmentation, where they’re able to see those data flows and create segments.”
Lateral movement is when an attacker or software can bounce from one machine to another within the network. Bouncing between servers and PCs can mean multiple places to install software that can then trigger at any time. Attackers can quickly move through a vulnerability – such as an admin area like a password – so Ashworth insists that you want to get them to where they can't go anywhere else, causing them to finally give up and go somewhere else. “You don't have to be the fastest person running from the bear, you just have to be 10
first.bank
faster than the last guy,” jokes Ashworth. “One of the main ways that they get in is via phishing. We concentrate on stopping that number one attack vector, as it is crucial for any bank, enterprise, or small company. “I think with the current international tensions, we’ve seen a move towards pseudo ransomware where there's not a ransom. It's more of just a destructive nature, such as wiper wear, where it basically either wipes the drives or encrypts the data with no way of recovery. Our team is always on high alert because of what's happening and the warnings by
FIRST BANK
the federal government. Any CISO needs to worry about this tension; they need to be thinking globally,” says Ashworth. The importance of patch management Patch management and vulnerability management often go hand-in-hand, and it requires watching on a weekly basis, with the security teams providing oversight and guidance to the patching teams. “For those out patching the systems and the applications, it’s all about keeping the numbers down as low as possible. Sometimes, it is one step forward and three back -it's a never-ending problem and you have to really measure which vulnerabilities and patches you’re working on. Sometimes applications are more difficult to patch, so it's a longer process, or maybe the vendor doesn't support it yet. You have to be very proactive to keep these things going, watching those numbers and
“ We help family businesses thrive across generations and in ways that go beyond traditional banking products” MARC ASHWORTH
SVP, CHIEF INFORMATION SECURITY OFFICER, FIRST BANK
first.bank
11
FIRST BANK
making sure you're at acceptable levels, especially on higher risk ones,” said Ashworth. Training to protect users on the front line of the cyber threat First Bank has several annual training programmes that they offer, from a compliance standpoint. They also conduct monthly targeted phishing campaigns that function as training exercises to keep people informed, alongside training materials, so that if people do fail, there’s refreshers from time-to-time, as well as a weekly newsletter with tips and updates on current events in the cyber world, such as recent breaches. “It's a learning experience for them and customised so they can share those tips with their families and friends, too.
“We get a lot of great feedback from the employees on these from around the building. That feedback is really valuable, and we encourage involvement with other teams and projects in order to keep the bank safe,” said Ashworth. For customers, too, there are periodic webinars that are also recorded and put up online, providing a bank of useful tips and cyber advice to protect from various fraudulent scams. “We post these tips out on our social media feeds and update that on the website, too. We keep our customers and others in our network updated. I'm pretty vocal on LinkedIn as well as Facebook. It's a group thing. It's not just up to the security team to have to worry about this. We all have to worry about it,” he said.
Community comes first at First Bank
12
first.bank
“ We are here for our customers to help them succeed and to help their employees succeed” MARC ASHWORTH
SVP, CHIEF INFORMATION SECURITY OFFICER, FIRST BANK
first.bank
13
Relentless risk management and learning to switch off Based out of the St. Louis area in Missouri, the bank now has a presence in six states, specifically in California, Kansas and Illinois, too. With this kind of customer reach, one of the biggest aspects of Ashworth’s job is the risk-management side of things. At times, the volume of risks out there can be overwhelming, but the CISO has ways to handle this. “It's a constant flow of issues and threats, and it never stops, so it does get overwhelming. I think that's in part why 14
first.bank
CISOs have high turnovers,” said Ashworth. He refers to the latest statistics on this matter, which suggest an average 20-month tenure for a CISO. “I mean, I've been CISO here for four and a half years. I’m able to sometimes stop listening to my podcast for updates and reading articles. I live in nature, so working from home has helped as I can go for a walk or something.” “What you have to do is constantly monitor. And the pressure to protect your customers, your company and your employees – it's a lot! It is fun, though, as it changes daily. So, because of that, you really have to be willing to adapt and be open to constantly learning,” he said. “The overall security community is very tight knit, and they're willing to share and talk about their experiences in a sharing infrastructure. If we can get the government to do that more in terms of mutual data sharing, that would be great, and I think we’ll get there. It's really a lot of fun and I hope more people jump into cyber,” said Ashworth.
“ Our team is always on high alert” MARC ASHWORTH
SVP, CHIEF INFORMATION SECURITY OFFICER, FIRST BANK
FIRST BANK
Partnerships help handle new challenges First Bank has won recognition by Juniper Networks for the lean processes that they've done, because of how they've automated many things within their core environments. Silver Peak, which is now owned by Aruba, a global leader in wired, wireless, and SD-WAN solutions that use AI to automate and secure the network from edge-to-cloud, has been instrumental. “Even Aruba has come back afterwards and recognised what we've done, creating use cases for us and featuring the bank in their catalogue. Last year, First Bank partnered with Akamai to assist the bank in achieving strategic security initiatives: “Akamai is another great partner for us and they provide a solid suite of security and networking offerings. I’m really excited about this partnership and where we are going with it,” said Ashworth. “There’s also great local partners out of St. Louis like Network Technology Partners
(NTP), a great vendor that provides lots of different solutions. A good reseller and they work with us really well. They listen whenever you have a problem and can bring in a solution for you,” said Ashworth. With their customers having faced significant challenges during the pandemic, First Bank pride themselves on building strong personal relationships. With programmes like PPP, they helped many existing customers to get business funding, as well as non-customers who were having difficulties with their current banking partners. This involved lots of video calls in particular, with physical meetings not possible at the time, but that didn’t prevent First Bank staying focused and dedicated – as Ashworth explains: “We are here for our customers to help them succeed and to help their employees succeed.”
first.bank
15
St Louis, United States 63042 T 800-760-2265 www.first.bank
POWERED BY: