Patching: A Defensive Measure That's Not Always Available
Bank of the West's David Pollino on the Challenges of Working with Vendors
Security experts often contend that potential damage from cyberattacks can be avoided if organizations just patch their systems. But Bank of the West Deputy Chief Security Officer David Pollino says applying patches sometimes is more easily said than done.
Pollino explains that patching requires the cooperation of the third-party vendors that develop and support many systems, and that cooperation is not always forthcoming.
"Sometimes security isn't the biggest priority of third parties," Pollino says in a video interview at Information Security Media Group's recent New York Fraud and Breach Prevention Summit.
Pollino also discusses the importance of:
- Understanding how malware works and how it can have an impact on your IT systems;
- Conducting tabletop exercises with key business leaders, based on recent cybersecurity events such as the WannaCry ransomware attacks; and
- Knowing who to contact within the enterprise, as well as among other stakeholders such as vendors and customers, when a cyber event occurs.
At the summit, Pollino served as a panelist in two sessions: "In the Wake of WannaCry: Creating a Data Security Action Plan that Addresses the Core Elements" and "We've Been Breached: Now What? How to Effectively Work with Law Enforcement and Regulators."
Before joining Bank of the West in 2011 as senior vice president and enterprise fraud prevention officer, Pollino served as vice president of online risk strategy and analytics at Wells Fargo. He also held managerial positions at Washington Mutual and Charles Schwab.