Back in mid-March, as the full extent of COVID-19's impact on the world was coming into focus, members of TD Bank Group's threat management teams quickly realized they were facing a challenge unlike anything they'd experienced before.
TD was moving quickly to enable the majority of its nearly 90,000 employees to work from home, as governments around the world closed borders and began locking down their economies.
For the TD Fusion Centre teams – specialized threat response teams comprised of individuals representing critical functions from across the Bank – this meant figuring out enhanced ways to protect the Bank from cyber risk and other related threats, practically overnight.
While governments around the world began rolling out relief programs, the Bank saw a spike in potential fraud and phishing campaigns, targeting Canada Emergency Response Benefit (CERB) and U.S. Paycheck Protection Program (PPP) users across Canada and the U.S.
Thanks to the TD Fusion strategy and its always-on approach to cyber threat management, TD was positioned to respond quickly to that spike. Then, on April 9, TD added another key component to its Fusion strategy when the Bank's latest Fusion Centre came online in Singapore.
The addition of the Singapore Fusion Centre – alongside Fusion teams in Toronto, Tel Aviv, and Mount Laurel, New Jersey – enabled TD to employ a "follow-the-sun" model for monitoring threats to the Bank's overall security, while tapping into a rich pool of local talent.
This approach has become increasingly critical with so many TD employees working outside traditional office environments, combined with the rising incidence of cyber threats arising out of the pandemic and the ensuing government shutdowns.
"On a normal day, the privacy of our customers' information and the importance of maintaining their trust while protecting our assets is a fundamental priority for the Bank," said Dr. Clark Smith, Head of Cyber Fraud Threat Management, TD.
"The pandemic may have added another layer of complexity to safeguarding this priority in the form of new cyber threats, but the Bank was able to meet this challenge with a lot of talent, resources, systems and protocol remaining dedicated to protecting this priority. In addition to maintaining all existing routine measures, it was also important for us to stay flexible so that we could anticipate and respond to developing threats, like the ones we saw in the early stages of the pandemic."
Creating a 'shared consciousness'
The TD Fusion strategy and 'follow-the-sun' model bring together people representing critical functions from across the Bank. There are individuals representing cyber operations, incident response, threat intelligence, information protection, physical security, fraud management, risk management and legal. Each team member brings their own lens to the data, using their experience and viewpoints to help solve timely challenges.
Collectively, teams are focused on sharing their diverse thinking to help improve detection of enterprise threats, proactively prevent new threats from taking hold and better enable an incident response capability for the organization.
This approach involves working together to protect the Bank and its customers from cyber threats by sharing ideas and examining incoming information and data in real-time. More comprehensive threat intelligence and faster response times allow TD to keep pace with nimble cybercriminals who continually adjust their tactics and techniques.
The Singapore Fusion Centre is the second Fusion facility at TD, following the opening of the Toronto location in 2019 and joining additional Fusion teams in Mount Laurel, New Jersey, and Tel Aviv. While the new state-of-the-art facility is designed to manage incidents and investigations in a collaborative space, teams are able to work virtually to support the 24/7 multi-time zone model.
"Bringing this new centre online ultimately helped us create a 'shared consciousness' of sorts," Smith said.
"Regardless of which location our cyber talent may be working out of, our strategy is to carefully recruit from top international talent for roles at these centres and then to put together teams that use data and intelligence-driven insights to work cross functionally and across time zones to stay ahead of cyber threats."
An always-on, 'follow-the-sun' approach
At each TD Fusion Centre site, artificial intelligence and machine learning tools are coupled with diverse talent to help improve threat detection and more efficiently protect data and technology assets. Together, these sites collectively make up the Bank's Fusion Centre concept.
"When it was first devised, the TD Fusion strategy required a cultural shift across the Bank in terms of how the organization thinks and works together," Smith said.
The strategy has established a community of great trust and information sharing, which has proven key in dealing with cyber threats, which emerge almost daily.
"Through this cross-team lens and by consolidating disparate data elements into a centralized platform, we've more efficiently been able to predict cyber-attacks, allowing for a more proactive, preventive approach," said Smith.
"We know the model works, which is why bringing the Singapore location online has been an exciting addition for us as a team."
Responding to COVID-19 in real time
At the onset of the COVID-19 pandemic, the number of Bank employees working from home went from roughly 20,000 to nearly 60,000. Securing that kind of transition would be complicated at the best of times, let alone when there's a global pandemic requiring physical distancing, restrictions on movement, and supply chain disruptions.
"Planning a transition of this scale during a pandemic required a whole new playbook, and the TD Singapore team really stepped up along with highly valued support from the Singapore Government," Smith said.
"We condensed months of work into a matter of days. Our Fusion Centre concept is where many of the decisions on creating the new TD tech blueprint for the Bank were made. This resulted in a massive workforce pivot to working offsite almost exclusively while increasing and enhancing monitoring for cyber risks."
TD had planned to build the Singapore Fusion Centre in less than four months, said Jay Jobanputra, Managing Director, Regional Head, Asia-Pacific, TD Securities.
However, the disruptions from COVID-19 created additional logistical challenges.
"To build a cutting-edge Fusion Centre, a lot of specialized equipment needed to be shipped into Singapore from overseas," Jobanputra said.
"This posed a significant challenge against increasingly restrictive movements of goods and services due to borders and shipping routes being closed down. So, the project team had to quickly remap the procurement schedule with various vendors from around the world and accelerate deliveries to ensure this critical project remained on track. In the end, and despite the challenges, the Singapore Fusion Centre was completed three weeks ahead of schedule."
Jobanputra said establishing the Fusion Centre in Singapore enables TD to provide robust 24/7 protection while tapping into a rich pool of cyber talent in the market with encouragement from the Singapore government, which operates a Cyber Security Agency focused on national cyber defenses.