ALPHARETTA, Ga.--(BUSINESS WIRE)--American National Bank (ANB), a Fort Lauderdale, Florida-based community bank with more than $280 million in assets, has solved the challenge of delivering exceptional cybersecurity protection for its customers without a large IT or compliance staff by working with DefenseStorm to initiate an automated approach to achieving and maintaining compliance with cybersecurity best practices as defined by the Federal Financial Institutions Examination Council (FFIEC).
While no legislation currently requires banks and credit unions to formally adhere to the FFIEC Cybersecurity Assessment Tool (CAT), the assessment provides a repeatable and measurable process for institutions to gauge their cybersecurity preparedness over time. It incorporates cybersecurity-related principles from the “FFIEC Information Technology (IT) Examination Handbook” and regulatory guidance used by federal agencies that audit banks and credit unions, along with concepts from other industry standards, including the National Institute of Standards and Technology (NIST) Cybersecurity Framework. Forward-thinking banks and credit unions are adopting the tool to be at the forefront of combining cybersecurity and compliance practices.
ANB President and Chief Executive Officer Ginger Martin commented, “We are proud of our tradition of complementing personalized service with the most up-to-date banking products and services. Instituting an efficient and affordable way for a bank of our size to comply with cybersecurity best practices defined by experienced leaders in our industry is another example of ANB being at the forefront of delivering exceptional value to our customers.
“Our top priority is developing a long-lasting partnership with each of our clients,” Martin continued. “Making sure we handle information with the utmost confidentiality, safety, and security is fundamental to this objective,” she concluded.
ANB chose DefenseStorm, a technology and services company focused exclusively on helping regional and community-focused banks and credit unions efficiently achieve best-practice levels of cybersecurity and cybercompliance, to assist the bank with both disciplines.
DefenseStorm uniquely combines real time cybersecurity detection, investigation and reporting with cybercompliance in a single co-managed, cloud-based system called the DefenseStorm GRID™. The FFIEC CAT framework is built into the DefenseStorm GRID, which also can incorporate other regulatory frameworks and a financial institution’s own policies. Automated tasks, enforced procedures, stored evidence of compliance, audit trails, and access controls for critical documents and data significantly improve a financial institution’s risk management position. Event data is aggregated across all cybersecurity tools, linking policies to real time alerts, so users can prove to regulators that they are both secure and compliant with evolving FFIEC CAT and other cybersecurity requirements, as well as with their own policies. The system operates in a co-managed model that enables users to leverage the knowledge and support of banking cybersecurity and cybercompliance experts.
The system includes an Active Compliance™ engine that makes proving compliance a continuous real time discipline, not a situational exercise. It connects policies to controls, collects and stores compliance evidence, and automates reporting so that financial institutions can, at any time, prove compliance with cybersecurity standards to auditors, oversight committees, Boards of Directors and other stakeholders.
DefenseStorm cybersecurity and compliance experts began working with ANB in 2016 to map the bank’s policies to the declarative statements in the FFIEC CAT, analyze fits and gaps, and recommend adjustments. In a 2017 yearly review, Chief Customer Officer DJ Landreneau extended the mapping to new policies and verified the validity of the full FFIEC CAT map, delivering the results to Tina Maalouf, senior vice president of operations for ANB, 6 weeks before the bank’s year-end exam.
“In my 50-plus years of experience in banking, that was one of the smoothest IT exams I have experienced, especially with today’s changing environment regarding information and cybersecurity,” Maalouf commented. “The examiner was impressed with how prepared we were, with our supporting documentation, and with the level of information that was disclosed with the CAT. Having experts from DefenseStorm, particularly Chief Information Security Officer Bob Thibodeaux and Chief Customer Officer DJ Landreneau, review and automate our processes, reflected ANB’s commitment to excellence in this area,” Maalouf added.
DefenseStorm Chief Executive Officer Sean Feeney noted, “The increasing volume and sophistication of cyber threats are challenging financial institutions of all sizes to maintain and prove safety and soundness. To assist them, the FFIEC developed the CAT to identify risks and determine cybersecurity preparedness. We are the only vendor that has incorporated the FFIEC CAT with cybersecurity on a common platform so that security and compliance can be real time and automated together, which is extremely helpful to community-focused banks and credit unions that have an unwavering commitment to safeguarding customer and member relationships, yet often lack large IT and compliance staffs.”
DefenseStorm provides cybersecurity and cybercompliance solutions specifically built for banking. The company delivers the only co-managed, cloud-based and compliance-automated solution of its kind – as both a technology system and as a service supported by experts in financial institution security and compliance. The DefenseStorm GRID watches everything on a financial institution’s network and matches it to defined policies for complete and proactive cyber exposure readiness, keeping security teams smart and executives accountable to their customers, communities, regulators and Boards. Built from the ground up in the cloud, DefenseStorm unifies detection, investigation, reporting and compliance into a single place to manage cybersecurity data. The system aggregates event data across all cybersecurity tools and links policies to real-time alerts so that financial institutions can prove to regulators they are both secure and compliant with evolving FFIEC cybersecurity requirements as well as with other regulations and their own policies. For more information please visit www.DefenseStorm.com.