Cyber Savvy: Safeguarding the Financial Sector with ClearBank CISO Bernard Wright

Welcome to the fourth edition of Cyber Savvy, a blog series dedicated to sharing expert insights from cybersecurity professionals. In each installment, we connect with a diverse group of security leaders to gain fresh perspectives on the ever-changing threat landscape. These interviews explore their unique career paths, revealing the challenges they've encountered and the successes they've accomplished.

In this article, we chatted with Bernard Wright, Chief Information Security Officer (CISO) at ClearBank. Bernard leads the InfoSec team and is responsible for developing and implementing ClearBank's security programs. Before ClearBank, Bernie held several positions in various start-ups and government organizations and has over 30 years of experience in the IT sector. Here’s what he had to share.

What are your biggest security concerns/challenges as a CISO?

A: There are multiple concerns and challenges throughout the business. As we continue to grow in visibility in the market and gain our EU license, the target on our back increases, so we are likely to see more interest from a variety of bad actors over the coming year. This, coupled with the intensity of supply chain attacks to gain entry into systems, presents us with challenges on all fronts.

What new challenges do you anticipate in the coming year?

A: Both AI and Deepfakes are an increasing challenge for us this year and going into 2025. The hype, hope, and reality of AI are constantly in people's faces today. AI presents a huge opportunity if used correctly and is not something that we should be afraid of using, but it takes time for people to become comfortable with the technology. Where I think the bigger challenges will come from is in the Deepfake area. With the advancements in voice and video over the past year, it is even more important to ensure awareness training is updated and controls are in place to protect the business.

How is your team adapting to the evolving threat landscape?

A: Continual education and awareness from the teams. They are always looking at the threat landscape to better understand what is happening, how other organizations are adapting to the threat, and what controls and monitoring improvements we can make.

What do you consider your most important success metric?

A: Rather than looking solely at one metric for success, I look at the engagement we get across the business. Increasing ‌awareness across the business now means we get engagement from business units at an early stage in the process, which gives us a much better view of what is coming our way or issues people are having. We have moved away from people being scared to talk to security to willingly engaging.

What are your three biggest goals for the coming year?

A:

1. Ensure our recovery capabilities are in good order and practiced sufficiently to cope with some sort of service interruption.
2. Improve our vulnerability management reporting and prioritization so that it is easier for the rest of the business to better understand where ‌our focus needs to be. The relentlessness of published vulnerabilities will continue and any improvements we can make in this process will be greatly received.

3. Continue to develop our people and ensure we continue with challenging and interesting work.

What new trends in cybersecurity excite you right now?

A: Naturally, AI brings many opportunities. Getting to the reality of what it can deliver and keeping pace with the change it brings. So many improvements it can help bring to the business, and it is the ability to identify where those can have the greatest impact.

What advice do you have for other CISOs or aspiring CISOs?

A: Don't try to fix everything at once, otherwise you will over-commit. It can be overwhelming at times, the amount of work involved and the level of monitoring required, but you have to focus. Identify what is most important in relation to your environment and business and how other mitigating controls provide protection. Not to say, ignore everything. This comes down to prioritization.

Want to learn more from Bernard? You can connect with him here.

In our upcoming Cyber Savvy segment, we'll be conversing with yet another security expert to explore their perspectives on the constantly shifting threat environment. Whether you're a seasoned CISO, aspiring security analyst, or simply curious about industry insights, this is an opportunity you won't want to overlook.

Want to be featured yourself? Contact us here and we’ll be in touch!