One of the challenges: Proactive risk assessment often takes a backseat when banks and credit unions feel pressure to quickly launch new offers like mobile banking.
"There are a couple of leaders or bleeders in this arena of mobile, and the others are just trying to catch up," says Rogalski, First Niagara's information security officer. "Many don't have time to consider all of the angles when it comes to security."
But every security concern must be reviewed up front from a fraud perspective.
During the RSA Conference 2012, which takes place starting Feb. 27 in San Francisco, Rogalski will participate in a peer-to-peer discussion that addresses risks and program challenges financial institutions face when it comes to battling emerging risks while balancing security concerns posed by more traditional channels. Rogalski's 50-minute session, Chicken or the Egg: What Comes First? Discussion of Prioritization, takes place March 1 at 9:30 a.m. in Room 110.
"The landscape has really changed, with the emergence of Anonymous and other hacktivist groups," he says. "Hacks are not financially motivated anymore."
ACH and wire fraud will continue to pose the greatest security challenges for most institutions. But the industry is doing a better job of proactively addressing corporate account takeover concerns, which often result from these incidents. [See Rogalski's two webinars about ACH and wire fraud and FFIEC Authentication Guidance: Risk Assessment Framework for Online Channel: Learn from an Expert and FFIEC Authentication Guidance: Customer Education - Developing a Program That's Effective and Meets Regulatory Expectations.]
At RSA conference, ongoing risks posed by online attacks, hacktivism, emerging technology and advanced persistent threats will be the focus.
During this interview, Rogalski discusses:
- Emerging technology risks, especially those posed in the payments space by near-field communications and mobile wallets;
- Why ACH and wire fraud continue to plague the financial industry;
- How senior management needs to address data loss concerns linked to website exposure and hactivists' attacks.
Rogalski is the information security officer and first vice president of First Niagara Bank, a top 25 regional bank located in the northeast. Rogalski currently holds CISM and CRISC certifications. Rogalski has more than 18 years of experience in technology and security in a variety of technical and management positions. Before joining First Niagara, Rogalski led information security risk management for M&T Bank. Rogalski also frequently speaks about security, risk management and awareness with industry leaders and First Niagara customers.