Skip to main content

Cybersecurity for Middle-Market Companies: An Interview With Cadence Bank CIO Tom Clark

As cyberthieves increasingly target middle-market firms, cybersecurity has never been more important. Cadence Bank exec Tom Clark explains what you can do.

Cybercrime has been called “the crime of the 21st century,” and the most recent statistics reveal why. According to the 2020 VMware Cybersecurity Threat Survey Report, 92% of survey respondents said attack volumes have increased in the past 12 months.


When you consider the fact that many cybersecurity incidents go unreported, the actual percentage is even higher than this. For more perspective on the cybercrime threats facing middle-market companies today, we spoke with Cadence Bank Executive Vice President and Chief Information Officer Tom Clark.


Q: Are middle-market companies at a greater risk than small businesses and large corporations when it comes to cybercrime?

A: Often they are. Many cybercriminals are specifically targeting midsize companies that are in the cybercrime “sweet spot” – they’re big enough to have significant bank accounts, but they often don’t use the latest cybersecurity defenses. Also, middle-market firms are often the gateway to bigger targets for cyberthieves.


Q: So where exactly are these overseas cybercriminals located?

A: It can be hard to tell, because most of them operate through proxy servers that enable them to mask their location. For example, they could be overseas in the Ukraine but it looks like they’re in Dallas, or vice versa. Generally speaking, though, much of the cybercrime activity targeted against middle-market businesses originates within the United States and former Soviet bloc countries along with China, which is heavily focused on industrial espionage.  


Q: What are some of the main cybercrime threats facing middle-market businesses today?

A: Infecting corporate computers and IT systems with malware is one of the most common types of corporate cyberattack. Once access to the system is gained through a phishing e-mail or malicious download, an unauthorized software program is installed on the host and used to harvest credentials and/or steal from corporate bank accounts. Email phishing schemes are still the most common method used to plant malware on corporate computers.


Social engineering has made it much easier for cybercriminals to target employees for malware attacks and other types of cybercrime. Thieves can often learn everything they need to know about a corporation’s structure from its LinkedIn site and then use this information to impersonate executives.


For example, they may pose as the CFO and tell accounting employees that they need to click on a link in an email right away or there will be dire consequences. If employees aren’t well-trained and careful, they can be tricked into doing what the cybercriminal tells them to do.


Q: Are there any other cybercrime threats that are especially dangerous right now?

A: Ransomware has become a really big cybersecurity risk lately. Recent headlines have told the stories of massive global ransomware attacks like WannaCry and Petya affecting some of the largest corporations in the world.


Unlike traditional cyberattacks that try to steal sensitive corporate information, ransomware attacks aim to freeze and potentially destroy all the information on a business’s computers and servers unless a ransom is paid to the thieves. This is a much bigger potential threat that requires businesses to build defenses around all their data.


Q: What should middle-market businesses be doing to protect themselves from these kinds of cyberattacks?

A: Focusing on the fundamentals of cybersecurity will thwart the vast majority of attacks. This includes being proactive in your IT maintenance and controls by patching your computers on schedule and using the latest anti-virus software and firewalls; implementing strong manual controls for funds transfers; and educating your employees about cybercrime prevention.


Q: How can Cadence Bank help businesses combat cybercrime?

A: Cadence Bank takes cybercrime prevention very seriously, so we offer our clients the latest cybercrime prevention tools. For example, we require two-factor authentication for wire transfers to help prevent unauthorized wires from being sent.


Download the fraud prevention eBook from Cadence Bank

For more information on how to protect your business from cyberattacks, download our fraud eBook, How to Minimize the Risks of Fraud. Or contact Cadence Bank at [email protected] with your questions about cybercrime prevention.



This article is provided as a free service to you and is for general informational purposes only. Cadence Bank makes no representations or warranties as to the accuracy, completeness or timeliness of the content in the article. The article is not intended to provide legal, accounting or tax advice and should not be relied upon for such purposes.

Questions? We are here for you...

To ensure your safety, please do not include sensitive information in your submission.