Name: Al Alper 

Title: President, Absolute Logic 

Age: 55 

Experience: 27 Years  

Bram Berkowitz

Al Alper has been working in the cybersecurity space for close to three decades. In 1991, he founded Wilton-based Absolute Logic, an information technology and security firm that provides cybersecurity, compliance, technology support and consulting to businesses of all sizes. The company works with a good deal of financial institutions in a number of different capacities, including managing all of their IT needs to training staff on cyber detection through awareness.  

Prior to Absolute Logic, Alper launched several other businesses, including People Capital, a financial services company catering to college students, and My Receivables, a factoring company serving the needs of businesses experiencing fast growth. In 2016, the Wilton native founded CyberGuard360, a sister company to Absolute Logic that designs and markets proprietary software solutions for companies dealing in the financial services sector who face compliance issues. Alper has also written three books in a series called “Revealed!” about cybersecurity and ways to minimize and mitigate risks. The Commercial Record caught up with Alper to discuss cybersecurity and how financial institutions are faring when it comes to this often convoluted space.  

Q: What is the most common problem that banks and credit unions come to you with? 

A: The most common problem is compliance, as it relates to cybersecurity. Financial institutions handle and deal with a great deal of sensitive customer information such as account numbers and access information, social security, credit scores, salary information and more – the need to protect and secure the privacy of that information is paramount. Financial institutions come to us to find solutions to reduce and hopefully eliminate their vulnerability to cyber-attacks by hardening the attack surface. They are especially prone to socially-engineered attacks, which become more sophisticated and difficult to detect by the day. As an example, one trick that fools people is a link which appears to be from UPS, announcing an impending delivery. The individual clicks on the file to see details of “the delivery,” which then subjects the financial institution employee’s email, and potentially the entire financial institution infrastructure, to harm. 

We tell our clients and friends in the financial space that the best, most up to date cyber protection is only as good as the “ground team” that is using it. The first and often biggest deficiency in financial institutions is insufficient training of employees. Institutions that do not have a rigorous education and training program in place are highly susceptible to being hacked. The right training can ultimately lead to cultural norms within the institution that create a more secure environment. More training will help reduce incidents. Regrettably, even the larger institutions, with more significant financial resources, do not go far enough with training. 

Q: What do small financial institutions do well with in terms of IT/cybersecurity? 

A: Smaller financial institutions are more closely-knit, organizationally. This more intimate top-to-bottom culture of the smaller institution provides a more favorable climate for enacting the behavioral changes among employees needed to identify and detect cyber threats. There are fewer organizational layers within the institutions and decisions can be made more quickly and easily. This ability to be nimbler than their larger counterparts can sometimes offset the disadvantage of being smaller – namely, that the smaller institutions do not budget as aggressively as their larger colleagues might. 

Q: What disadvantages do small financial institutions face compared to larger institutions when it comes to setting up their cybersecurity infrastructure? 

A: Capital. The larger institutions can employ six or seven figure defenses against cyber threats which arguably may not make sense for the smaller institution with more limited budgets. The smaller institutions in general are disadvantaged financially, making it more difficult for them to employ the resources for both the training of employees and implementing a robust cybersecurity program to detect and mitigate threats. So, they often strike a balance between what is reasonable in terms of what they can afford and the potential exposure that the risk provides. 

Q: Are there any IT/cybersecurity issues that banks and credit unions do not address currently, but should be preparing for? 

A: The Internet of Things. Thanks to this breakthrough in technology, we live more convenient lives. We have refrigerators, which can tell us when we’re running low on milk and Alexa to handle our financial and other decisions. We’re still grasping the implications of having these devices. Banks and financial institutions strive to elevate their levels of customer service and the devices they use to achieve this goal are IOT enabled. Banks and financial institutions may not consider this gaping security hole. I had the chance a couple of weeks ago to speak before a group of executives including financial decision makers at NASDAQ, and the common theme of the discussion was that their companies were employing many customer service-centric devices without first consulting their IT security teams. These devices were, in fact, Internet-enabled and present an umbilical cord into the heart of the organization – ungoverned and unprotected.  

Alper’s Five Favorite Places To Be: 

1. Lake Tahoe
2. Belize 
3. Ios (Greek island) 
4. South of France 
5. Anywhere on a motorcycle