CWBFG Sustainability Report 2022

Maintain a foundation of trust


Our Chief Information Security Officer is accountable for our comprehensive cybersecurity vulnerability management program. We proactively conduct regular threat analysis activities to identify vulnerabilities in technology and operational processes, and opportunities for remediation. Vulnerabilities are assessed across all technologies and services, and we have defined timeframes around remediation, based on criticality of the affected service and impact or likelihood of exploitation. Incident response playbooks are rehearsed on a frequent basis and structured continuity plans are in place, including the use of up-to-date and offline storage of critical systems and data. We maintain insurance coverage to help mitigate against certain potential losses associated with cyber incidents. We have a mature third-party security risk management program to evaluate the cybersecurity program effectiveness of all third-party service providers.

During 2022, we:

• Enhanced our digital banking platform security features to include multi-factor authentication and centralized identity management;
• Continued to leverage innovative technologies around identity and access management to transform the way our team members manage and access applications and services;
• Continued to enhance key knowledge and capabilities within our Cyber Security Incident Response team to advance our understanding of the rapidly changing landscape and respond to cyber incidents; and,
• Provided Board and executive education sessions, with support from external experts, focused on elevated cybersecurity risks and the development of a cybersecurity risk appetite statement.

Training and awareness

The Information Security Office maintains an awareness and education program to inform our team members about their responsibilities with respect to the use of CWB technology and information, and to educate them on the risks of social engineering. The program includes mandatory monthly training requirements, with shifting areas of focus based on current and emerging threats, and monthly simulation tests to assess the effectiveness of our training programs. Areas within the organization that require more focused training are assessed on a regular basis to ensure our team members within higher-risk job functions understand their responsibilities to protect our systems and information. Each October, we also complete an organization-wide cybersecurity awareness campaign in association with National Cyber Security Awareness month.

Supporting our clients

During 2022, we hosted a CWB Expert Series event, facilitated by our Chief Information Security Officer and other industry experts, to provide our clients with insights on building a strong cybersecurity plan, and best practices to manage emerging threats.

2022 SUSTAINABILITY REPORT AND PUBLIC ACCOUNTABILITY STATEMENT
