Live Oak Bank and DefenseStorm Testimonial

Speaker: Rich Friedberg, CISO, Live Oak Bank

Rich Friedberg: Live Oak Bank is headquartered in Wilmington, North Carolina. We're a digitally focused bank serving customers across the country. Our primary business is servicing small business America and we've grown to become the nation's largest small business lender. We have teams dedicated to various verticals including veterinarians, dentists, independent pharmacists, farmers and more. We serve our customers with a focus on customer service and technology. We refer to this as high touch and high tech. We strive to treat every customer like they're the only customer at the bank. And we use technology to create both efficiency for the bank itself and for our customer experiences without branches. Our technology and digital experience is critically important to us.

Rich Friedberg: So unfortunately, there's quite a few challenges when it comes to managing cyber risk for a financial institution. So day in and day out, we're dealing with different threat actors that have varying motivations. They may be coming after the bank directly, they may be coming after our customers and unfortunately, they get more sophisticated every day. So for those that may follow the headlines last year broke records in terms of dollar amounts for ransomware payments. It tells us the crimes paying off which unfortunately fuels more crime and puts more pressure on us as defenders. So at Live Oak, our cyber Risk management program is designed to help protect the bank both from a safety and soundness perspective and to ensure that we do the right things to protect and help our customers. Our program covers broad areas like product security, ensuring the security of our customer facing products, corporate security, ensuring the security of our back end systems. We have teams dedicated to security operations and incident response, cloud security access management, third party risk management, security awareness and more. But through all of that, some of the most important controls are focused on authentication and monitoring. From an authentication perspective, ensuring that we have strong multi- factor authentication to make it harder for criminals to get into customer accounts. From a monitoring perspective, our information security and fraud teams work together to constantly monitor for suspicious activity. And lastly, we want to ensure that our customers are safe and that they take steps to, to help secure their environments. So we take time to ensure that we're sharing best practice guidance with them.

Rich Friedberg: As I shared earlier, technology is key to Live Oak's strategy. We work with a number of exciting partners that help build better experiences for our customers, deliver new services and improve efficiencies. For the bank Apiture has been a key partner to Live Oak for a long time and continues to provide innovative solutions, especially as we grow our digital banking offerings to our small business customers. From my vantage point, it's critically important that we have partners that have solutions that meet our needs for new products, have a high level of customer satisfaction that leverage efficiencies to ensure that we streamline backend bank operations and that our vendors are using modern and secure software development practices. And lastly that they have a support team that can meet and respond to our needs if any issues arise. So with, Live Oak's focus on technology, we're 100% cloud based with a modern ecosystem and it's important that our partners are as well. We want our customers and our back office employees to have a modern and efficient experience, day in and day out.

Rich Friedberg: Live Oak has a long standing partnership with DefenseStorm. We use them for a number of services across our cyber program, fraud management risk management and compliance functions. That combination of services is really unique to DefenseStorm is incredibly beneficial for us at Live Oak. There's a lot of point solutions out there. For example, traditional information security managed security service providers will solely focus just on cyber risk. Some may focus on fraud, some may focus on risk and compliance. But using that same platform across multiple domains has tremendous efficiencies. Most importantly for us, the combination of cyber risk and fraud data allows us to defend against both Attackers who may be targeting the bank systems and attackers who may be targeting our customer accounts. So being able to blend that alerting and unify reporting across multiple areas is critical to both effective risk management, loss reduction and or overall efficiency.

Rich Friedberg: As anyone working in technology knows, integrating solutions is never as easy as you think between figuring out how to exchange data, to have a person interpret that data, to configuring the right alerts and the right reporting. There are countless challenges that come up along the way. Given all those challenges, it's wonderful to find partners that have a strong relationship and support native integration out of the box. The simple fact of not having to worry about all those challenges is huge. So it means our teams can spend a lot less time working through things like integrations, data flows, log parsing reporting alert configuration really lets our teams focus on protecting the bank and our customers. So back to some of the earlier statements I made around efficiency, right? It's incredibly beneficial from an efficiency standpoint, lets our teams focus on their core risk management functions which has a direct impact on our overall risk posture.