“Financial Crimes Are Unique & Becoming More Pervasive” with Scott Madsen CEO Cingo Solutions
I had the pleasure of interviewing Scott Madsen, CEO of Cingo Solutions. Cingo is a managed detection and response cybersecurity provider that has recently become SOC2 certified. Scott leads the organization with an emphasis on strategic process and integration. He’s passionate about technical solutions development, customer UX, cyber security innovation and European automotive history.
Thank you so much for doing this with us! Can you tell us a story about what brought you to this specific career path?
My company started as a web-based development shop. We were building databases and communication tools for a financial services client when we started to see cybercrime as an issue that our client’s internal IT people could not combat. One particular client had even hired someone who had worked in IT for a State agency but the pace and increasing consistency of threats continued to evolve outside of their skillset leaving the company pretty vulnerable. We were building systems that needed protection so in order to keep that information private and protected, we developed cyber security programs based on the threats. We didn’t set out to become a cybersecurity company, but we needed to mitigate our own risk. We take the versatility and reliability of our programs very seriously and that includes potential threats after Beta testing. At Go Live, our programs are expected to function out of the box. But in some cases, an unsecure/unreliable feed can cause bugs we couldn’t foresee. It became less a question of how to offer solutions in a limited scale to more of a question of ideally, what should it be? With that offensive mindset, we developed some very powerful and state of the art tools for detection and alert and hired some very bright experienced cyber security experts. The threat evolves as you would expect it to. Cyber criminals are heavily motivated, so are we. We continue to work to engineer systems which enable us to leverage software to monitor more deeply and notice irregularities faster, so we can keep pace with the threats.
Can you share 5 tips that others can use to help build a sustainable Financial Crimes Program?
1. Hire a pro. Hire somebody who specializes in MDR because financial crimes are unique and are becoming pervasive. The threats are getting worse, not better. One of our clients experiences about 10,000 breach attempts every week. Breach attempts used to require an actual human hacker; automated programming has fundamentally shifted the number and sophistication of threats. Internal housekeeping and employee training can be implemented, but for a serious plan, designate a specific team with some history in cyber security to keep your sensitive data safe, whether it’s an internal or external team.
2. Keep your network closed. Most people leave their networks completely open. Access to the network must be limited to an approved list and, similarly, any server should only be accessible from approved locations and require authentication to get in, preferably multiple step.
3. Secure your workstations. Workstations are the most at risk piece of equipment in the office. They are the interface between your employees and the web/internet/email. Finding the best way to secure workstations from human error (without adding too much time to login or daily tasks) will go a long way toward strengthening your overall financial crime protection strategy.
4. Scan, scan, scan. Implementing the most up-to-date forms of virus and malware scanning at every level assures it never reaches your system. The same goes with vendors you use; they must observe the same level of security you do in order to maintain total system integrity. Be picky about the companies you engage: ask questions, demand help-desk support and that their contracts are easy to terminate. Companies should have to earn your business every month, not lock you into a contract then forget you.
5. End-User training. No matter how secure a system may be, technology is designed to be used by humans and sometimes we make mistakes. Training all end-users to identify a breach and not fall victim to it increases the likelihood of a financial systems program being successful. If you have a robust, serious approach to your company’s security, the greatest risk will always be an undertrained or underprepared employee.
How often do you conduct assessments about the Financial Crimes Program?
Daily. All it takes is one person who doesn’t recognize a risky email to make their domain a target for system-wide penetration. Small things can produce big outcomes. Typically, when a phishing email penetrates an environment it makes a target of the domain. One successful hit on a system may result in an onslaught of hits for weeks because the malware is exploiting a vulnerability. Packet sniffing is a process where spyware camps outside of a domain focusing on email content, both incoming and outgoing. We have had multiple instances with our financial services clients where officers of the company were watched through packet sniffing: in one instance, wiring instructions were sent from a dummy account representing itself to be from the person with discretionary authority for wire transfers to the employee responsible for initiating a wire. We were able to recognize and take action and neutralize the threat through our proprietary systems along with one trained employee who was up to date on procedures before any money left the account. The only way to stay ahead of the volume of these sorts of financial crimes is to be watching it constantly. Our system is built around a live feed for this reason and is consistently monitoring for any irregularity which notifies one of our security specialists when something is out of the acceptable range.
We invest heavily in transparency tools allowing our clients to check in and understand the effectiveness of our solutions on a daily basis. In our clients’ login portals, they see unsuccessful and successful breach attempts of their company’s IT environment and action we take to quarantine successful breaches when they occur — all in real time.
What advice would you give to aid in global monitoring for Financial Crimes?
We need to get more sophisticated in the way we relay data. Companies need to use tools like Citrix Sharefile or other file sharing services when passing information back and forth. Some of the accounting firms we work with have clients who refuse to use the systems in place because it creates one more login for them. I think it’s just an education thing. Every time we make it easy for cyber criminals, they won’t return the favor by taking it easy on us. They are out to get any and all data relating to you, your grandmother, your children. Nothing is sacred; we need to be sophisticated and to do so quickly. Tech innovations have helped in reducing the number of stages necessary to verify before transmitting data; VPNs are becoming more widely used, but the #1 way that criminals can guarantee they will always be in business is that they are betting on comfort. People just don’t want to be bothered with that extra step.
The old adage really works here: an ounce of prevention is worth a pound of cure. Take the time to learn new technology and demand your professional services contacts are using new technology as well. And if you own or are an officer or on the Board of a business, hire Cingo Solutions.
Leveraging the right technology can be key to reduce risk and increase operational efficiency within an AML (Anti-Money Laundering) program. What are some applications of technology enablements that have helped you? What would you recommend to others?
Each money laundering scheme is unique; Cingo Solutions has developed solutions to support AML protection for clients. Our systems facilitate regular reviews of AML databases like FinCEN and OFAC for our clients. A part of our service is a 90-day review of each client’s business with recommendations for custom solutions. For clients who need AML compliance support we have an in-house, full-service development unit. When we understand a client’s data flow and the defined efficiencies we work with management to create the right solutions for our clients’ environments. If your company needs a relationship with an AML information provider, we work with them to securely connect you with them.
You are a person of great influence. If you could inspire a movement that would bring the most amount of good to the most amount of people, what would that be? You never know what your idea can trigger. :-)
I’m never great at questions like these, but I would say to fundamentally re-examine the current definition of failure and society’s allergy to it. To too many people, failure represents a finality, or an endpoint. For me, the times I have grown the most as an individual and as a part of our team are the times most rife with failure. I can recall plenty of times in my professional life thinking about how often I fail or why I couldn’t figure out how to work through a particular problem or why some things seem to be doomed from the beginning. I had a hard time with it until I realized that there is a lot of power in failure. By growing past failure, I began to think more critically, define problems more simply, execute decisions more decisively and look for more creative solutions. People are built to do hard things and succeed at them. One of our company mottos in new technology development is “Fail Faster!” We say it in group meetings at the beginning of every new project, not because failure is the goal, but because the only route to success is to hit it head on, go right through it. So why not pull up your bootstraps, get used to failure as an important part of the process and let the process help sculpt you into a more successful person and your company as a more powerful engine of change.
Can you please give us your favorite “Life Lesson Quote”? Can you share how that was relevant to you in your life?
“It is by working within limits that the craftsman truly reveals himself”
Since its inception, Cingo Solutions has never accepted investment capital of any kind from anyone. We are and have always been a cash positive business which is not easy to do in tech. But by building the company from a perspective of passion, dedication and reinvention, the rewards were innovations unbridled by expectation or compulsion for arbitrary goals but to develop a team of dedicated, loyal and brilliant minds and products built for purpose. Building innovative products and investing in new technology with the internal capital to do so now feels almost like an unfair advantage. This quote applies to those limits and their true benefits in terms of developing our craft.
Some of the biggest names in Business, VC funding, Sports, and Entertainment read this column. Is there a person in the world, or in the US with whom you would love to have a private breakfast or lunch with, and why? He or she might just see this if we tag them :-)
I would love to discuss the future of AI with Elon Musk. I believe he has a great view on issues which we may experience in our lifetimes because of a lack of preparation and critical thinking regarding AI. I believe AI is the largest security threat of our lifetime. The smarter the ‘bots get, the harder they are to keep out of places they don’t belong. Plus, I’ve heard he has an old Series 1 E-Type Jaguar that I’d like to BS with him about.