Amelis Long: Welcome back to The Vault, where we unlock stories that matter here at FNBO. I'm your host, Amelis Long, and I'm so excited for today's episode.
We're going to dive into the cybersecurity landscape and a little bit more about those threats that you and I face as people every day. In the last year, we constantly saw messages in the news about breaches happening. And why those stories are so impactful is because it's happening to real people and businesses that we're familiar with. And so, for us to be resilient consumers and resilient people, we need to be more aware of what's happening in the threat landscape.
So today, I'm excited to welcome our expert here at FNBO, Mr. Jeff Weeks, our Chief Information Security Officer, to tell us a little bit more about what he's seeing in the cybersecurity landscape and to give us some tips on how we can protect ourselves as consumers, and just as global citizens.
Jeff, welcome to the podcast.
Jeff Weeks: Well, good morning, Amelis. Thank you very much for having me on The Vault. I'm really excited to be here.
Amelis Long: I am too. We're so grateful at the bank to have you and your team just be ready all the time to educate us on how we can be prepared and really aware of what's happening in the landscape. But, we know that not everyone has access to your trainings and your memos that we get that keep us really on point. So today, I want to dive into a little bit about the work that you do and the things that you kind of monitor out in the world, so that we can help our listeners be great cybersecurity citizens. Sound good?
Jeff Weeks: Sounds great.
Amelis Long: All right. Well, let's start a little bit about some of those breaches that we saw last year. What would you say as a leader in this space, what's the biggest takeaway and kind of themes that you're seeing from those?
Jeff Weeks: Well, I would say that the underlying theme around that is exploiting known vulnerabilities that have been out there for a long time. Um, you know, cyber hygiene is what we call it. Um, that's, you know, patching, using multifactor authentication whenever it's available for you. Access reviews, things like that could have stopped or blocked the majority of those breaches.
Amelis Long: Yeah, sometimes it's just as simple as the passwords you're using, right? And not using the same password or repeating them, making sure you update your devices, those types of things, right?
Jeff Weeks: Right, just the basic cyber hygiene, things that we like to educate people on to protect themselves. One of the big breaches last year was the Mongo database. It was found by cybersecurity researchers and that led to four billion - and that's a billion with a "B" - records that were actually compromised on the internet and that kept, you know, personal information, email addresses, social security numbers, things like that. And, you know, that's a good example of what we call supply chain risk.
Another breach out there. There was a big target attack on the United States judiciary system. It was their case management platform. And this platform was breached and compromised from a vulnerability that was out there since 2020.
Amelis Long: Wow.
Jeff Weeks: You know, we're seeing a lot of that out there now is a lot of the companies, they have the proper cybersecurity tools in place. They just don't have the diligence and the processes in place to make them effective.
Amelis Long: Yeah. I mean, it really does take all of us. You tell us that all the time at the bank. We all have to be vigilant and ready and doing the right things to make sure that we're protecting ourselves and our customers.
Jeff Weeks: Exactly. And that's the way I look at it. You know, I look at every employee here at First National Bank as part of our cyber defense team. So, you know, when people ask me how big my department is, I love telling them it's 5,000 people strong.
Amelis Long: Yeah. And we're all using technology, right? There is probably not a person that's watching this podcast for sure that isn't using technology and so has to be aware of all those device updates and that kind of diligence. And I think you said that the hygiene of taking care of your technology. So, these human impact stories, I think, are why we pay so much attention to us because it could happen to us. So how are these, uh, perpetrators or attackers, kind of taking those vulnerabilities of our kind of a personal, that human behavior into account?
Jeff Weeks: We actually call it social engineering. And that's where they'll actually prey on people's behaviors and emotions to try and trick them into, you know, helping them, helping the hacker out with the breach. You know, they will use authority figures. They will use rush tactics, or they will actually try and come out and scare you at times. I think, um, we've all seen the, you know, the emails, the texts that come out that are like, "hey, we have a package to deliver. If you don't, you know, I need some information if you don't give me the information, we're going to send your package back." And that's kind of a mild one, but then you've also seen the ones on, yeah, I think everybody's gotten the, "you have an unpaid toll in this state, and if you don't pay this immediately, we will revoke your driver's license."
So they're really... preying now on human emotion, trying to get you to make the wrong decision at the wrong time.
Amelis Long: I have been the recipient of some of those tolls and they're really timed really well because it's like I literally just went through a toll. Like, how did this happen? So it can, it can definitely make you second guess yourself, and if you're moving too quickly, which is so easy in this day and age to move so fast. You don't, sometimes you just don't think about it.
It sounds like, though, they're maybe getting better at playing with their emotions. They're not necessarily growing in complexity, right? There's some of the things are kind of old tricks of the trade. Is that fair to say?
Jeff Weeks: It's the old tricks of the trade. They're not really changing the philosophy behind the cyber-attack. They're just finding more realistic ways of tricking people into thinking they're actually talking to a real person or texting or emailing with a real person on the other end.
Amelis Long: Would you say that artificial intelligence or AI is playing into that, that real impact?
Jeff Weeks: I would say artificial intelligence is a huge player in making the attacks more successful.
Amelis Long: Okay. Tell us more about that.
Jeff Weeks: You bet. AI is allowing the hacker to become quicker at their attacks. They're allowing them to be more realistic in their communication. I mean, they're making it look like the email and the communication is directly coming from the entity. I mean, they're copying the branding. They're now with AI, they're copying the tone of the email or the communication, and it just speeds it up a lot quicker.
You know, in the past, it was easy to tell when a hacker was trying because words would be misspelled or they'd use the wrong grammar. You could tell it was somebody from overseas because it was, we don't use that, we don't spell that word that way in the United States, things like that. AI has removed all those flaws from the hacker's strategy and it's getting really hard.
Amelis Long: I kind of want to think about being prepared or being vigilant in kind of two buckets. So, one, we have folks, uh, in the business world, who are part of our audience who are looking for, kind of, what are businesses doing or should be doing? You mentioned like kind of your philosophy here at the bank is that everyone's a part of cybersecurity. But what should business leaders be thinking about as far as creating cyber resiliency?
Jeff Weeks: Well, I would think the main thing to focus on is awareness. You need to get the awareness out. People need to be educated on how to protect themselves. And the more awareness you can spread, the better we all are going to be.
The other piece, I would say, is make sure you have an incident response plan in place. This is one of the key things is realizing that an incident can happen. So, you need to make sure you have an incident response plan or a playbook in place. And that's going to define, you know, on how signing authority, decision authority, who has that authority, transparent communication, crisp communication, it's going to help you maintain the trust of your customers around that. It's going to help you recover from incidents quicker. And it's going to provide greater regulatory outcomes.
You don't want the first time you're going to use your incident plan is under the gun when you actually need it. You need to rehearse this and test it and plan your incident because nobody's judged anymore on whether they are breached or compromised. Now they're being judged on how they respond to the breach.
Amelis Long: It's not a if it happens. It's really a when it happens.
Jeff Weeks: That's correct. That's the new philosophy in the cyber world. It's no longer a matter of if, it's when. And you need to be prepared to handle it when that does happen.
Amelis Long: So now how about on the consumer side? Whether they're customers of a financial institution or they're just, you know, logging onto their email. What should they be looking out for?
Jeff Weeks: Yes, on the consumer side, you need a plan as well. You need to go through and make sure this is what we're going to do. This is who we're going to call. This is, you know, the steps we are going to take as a family if something happens.
I mean, some of the basic stuff is just set up a password with your family. That way, if somebody were to call you and it sounds like your daughter or your son or your husband or your wife, in a panic mode saying, I need, I need some money or I need some information, you can ask them for a password. So, if it's AI or the hacker, they're not going to know your password. So, it's basic stuff like that.
It's then also, you know, educating and testing the plan. Again, with the consumer. You don't want to, you don't want to use it the first time when you actually need it. You don't want it to be well rehearsed. And it should also, you know, educate your family, your friends, everybody. The more people that know, the better off we all are.
Amelis Long: You were telling me a story about an AI incident. I'd really like the audience to hear it too. So there's, I think you called it voice cloning. Tell us about what that is and kind of the story that you have for us.
Jeff Weeks: You bet. AI is now leading to voice cloning. So, they can make recordings, videos, and make it sound like somebody you know, and they can pull that information from little pieces of that person talking on a phone, on the internet, things like that.
So, uh, voice cloning sounds like somebody you know, and we're starting to see in the corporate world, we're seeing they will send the voice clone to a security group or a financial group saying, "hey, I just want you guys to, we have an issue with this customer, just handle it quickly." And the person on the phone thinks that it was their supervisor that actually asked them to. So that leads to some problems.
Very interesting story. There was a lady in Florida. Her daughter called her on the phone, hysterical, upset, and was telling her that she needed some money. She was in an automobile accident. It was her fault. At that point, a gentleman got on the phone and told the mother that your daughter was in an accident. It was her fault. I need $15,000 to bail her out of jail. Well, to this day, the mother says that nobody can convince her that that was not her daughter, because she knows her daughter's cry. So, it cost that mother $15,000 with voice cloning.
Amelis Long: Wow.
Jeff Weeks: The best advice I could have there is if you get a phone call from somebody asking for your personal information or for money. Hang up the phone and call them back at a number that you have. In this case, would have been a great example of having a family password.
Amelis Long: Absolutely. She could have asked for the password, would have automatically known it wasn't her daughter. Wow, that's a powerful story. Again, why these incidents are so impactful for us as viewers because there, it could happen to any of us. Any one of us could have had a phone call like that and been convinced. So, thanks for sharing that, Jeff.
Jeff Weeks: You bet.
Amelis Long: Yeah, you had a campaign, um, maybe sometime last year where you really focused on family preparation. And I went back home and worked with my daughter. So, she's, uh, she's a teenager now and just walked through, like, what are some of these emails that are in your inbox? And which ones are real, which ones are not? And I was really thrilled later on, she came to me and was like, "I think I got a scam email, mom," and we were able to look at it and identify yeah, it wasn't, it wasn't legit. Uh, so even just like doing things like that, uh, taking a moment to walk them through and giving our kiddos or our family members or adults in our family, um, a little healthy suspicion.
Jeff Weeks: That's great to hear because, you know, it sounds like they're getting it. They're paying attention. A lot of times in the past, people will just gloss over things and not pay attention to what's going on. As I am a trust and verify guy by nature, if you're suspicious and you question things, you will catch a lot of the bad attempts or social engineering attempts.
Amelis Long: Yeah, I love that. That's a great philosophy for everyone to have. What are other things that you would really want our audience to know about cybersecurity?
Jeff Weeks: I have some key takeaways that I would, if they take anything away from this, it should be these key takeaways. And the number one is training and awareness. So, if they're listening to this podcast, they're already handling the top priority to protect themselves, just educating themselves, their friends, their family. That is critical.
The second one is just handle and perform proper cyber diligence. Now, I know that sounds a little confusing, but it's very simple and basic. Just make sure you use strong passwords when you're using them. Change your passwords often. I know that's easier said than done when you have multiple passwords across multiple websites on the internet.
Use multifactor authentication if it's offered. A lot of places will offer, but they won't mandate. Here at FNBO, we mandate multifactor. And that's where they get a code or an email or a text or something that it's an extra layer of protection, that, you know, if the hackers have their user ID and password, they're not going to have their cell phone, that that code comes to, and that's the last piece to get.
Amelis Long: Right.
Jeff Weeks: Another key takeaway I have is patching and password administration. Patch your system, patch your devices. The security patches are free. Set up your device, your phone, your iPad, your PC, set it up to automatically update security patches at two and three in the morning. That way you're not interrupted with the update. You wake up and your device has the latest security patches on there.
Don't forget what we call IOT. This is the internet of things. Everything today is connected to the internet. So, when you're changing passwords and updating security patches, you also need to look at your refrigerator at your house that's connected to the internet. Your light bulb, your thermostat, your garage door opener. Because a lot of people will say, well, "I don't really need to keep the hackers away from that." But, if you think about your refrigerator. They're smart now. They're connected to the internet, and you can set them up to say "if I get below a gallon of milk in my fridge, automatically order it from the grocery store and have it delivered to my house." Well, the one thing, how does your fridge pay for that? It's because your fridge has the credit card number in there somewhere. And if you don't protect your fridge, the hacker will be able to get your credit card number.
Amelis Long: Yeah, seems like something, again, that you wouldn't even worry about thinking about. I don't need - who cares if they know what's in my fridge. Judge away!
Jeff Weeks: So they get into my thermostat. What's - I don't, well, if it's like it is here today with the cold weather and they turn your heat off and your pipes freeze. Now they're just creating chaos. And that's one of their main goals. If they can't get in and breach you and compromise and make money on what they're doing, they will definitely try to implement some chaos in your life.
Amelis Long: Wow. Just another thing to add to my to-do list, I think, Jeff.
Jeff Weeks: Be skeptical. I mean, really question everything. I like to tell people when I'm out giving presentations is, slow down and ask yourself, "do I really care if somebody sees what I'm doing?" You know, if you're on a website and you're looking at sporting events or scores, you don't really care that somebody's looking. But if you're getting ready to sign on to your online banking or eBay or Amazon, a money transaction is going to take place. You're going to go, you know, "I really care if somebody sees this." And then you're going to look around, make sure nobody's watching you. You're, you know, make sure you're connected to a private Wi-Fi, not a public Wi-Fi, at a cafe shop.
Amelis Long: All great takeaways and really things that folks can apply today after listening to the podcast.
Jeff Weeks: Right.
Amelis Long: Oh. Since I have you here, I'm going to ask a personal question. My kiddos have always asked me to get one of those little devices that they can order things automatically or turn on the radio or check the temp. I think you know what I'm talking about.
Jeff Weeks: I do.
Amelis Long: What are your thoughts on that? Is that something I should be worried about when it comes to cybersecurity?
Jeff Weeks: That's a great question. That's one that's not really focused on and overlooked a lot. How do you turn those devices on? How do you make them listen to what you're saying? And it's usually by saying, "hey, Alexa."
Amelis Long: Mm-hmm.
Jeff Weeks: So that should be a warning sign to you right there. That means that device is constantly listening. And that's constantly recording what it hears into the cloud. I would say make sure if you're going to use one of those devices, people just need to be aware that that device is always listening and always recording.
Amelis Long: So while it could be a benefit, it also is just listening to your innocuous conversations. Uh, learning your behaviors and kind of opening up those vulnerabilities.
Jeff Weeks: That's correct. I mean, if you just think of something very simple, if you're in the kitchen, and you're at the computer doing online banking and you can't remember what your password was, and you holler across to your husband, "hey, what was our password to online banking?" And he hollers it back to you? Okay, now it's recorded in the cloud.
Amelis Long: Well, I think I know my answer, and I'm not sure it's changed.
Jeff, I so appreciate you joining us today on The Vault.
Jeff Weeks: Thank you for having me. I appreciate it. This is something I'm very passionate about, and I love spreading the word about security awareness, training, education. Because like I said earlier, the majority of these attacks, breaches and compromises, identity theft, and things like that, can be removed by just some basic cyber hygiene.
Amelis Long: Yep. Staying vigilant, staying aware.
Jeff Weeks: Correct.
Amelis Long: Would you like to close out the podcast today and say goodbye to our audience?
Jeff Weeks: I would. So again, thank you for having me. If you'd like to learn more about protecting yourself and cybersecurity, how to mitigate the threats, come to our website, fnbo.com and click on the security center. We have blogs, we have all types of information and ways to protect yourself.
Amelis Long: Yeah, love those resources, Jeff. We'll be sure to put them in our show notes so folks have easy access to them as well.
Jeff Weeks: Again, be skeptical on everything you're doing, ask yourself, "do I really care if somebody sees what I'm doing here?" And if the answer is yes, then you know you have other steps to take to protect yourself. If the answer is no, then surf away at the airport Wi-Fi and the cafe shop.
Amelis Long: Protect yourselves. And we'll see you next time on The Vault.