Review and ensure that backups and compliance understand the new reporting requirements and keep up with any changes. T he crisis unfolding in Ukraine is creating a ripple effect in the United States that impacts our daily life. This article consolidates information on what is expected of financial institutions and suggests strategies for mitigating potential nation-state attacks. Some financial institutions have already taken such actions in the course of business, and others began making changes as a preventive measure in today’s cyber threatridden climate long before the invasion of Ukraine. The following recommendations are meant to be an addendum to your already strong cybersecurity posture. CISA hosts a Shields Up page (cisa.gov/shields-up) which is a resource to help reduce cybersecurity risk. Please include these contacts in your incident response policies and business continuity plan: • CISA via the 24/7 CISA Central at central@cisa.dhs.gov or 888-282-0870. • FBI at your local office or cywatch@fbi.gov and 855-292-3937. Seriously consider performing a documented review/internal audit of the following in early 2022: • Look into your cybersecurity insurance policy and ensure that it will cover nation-state attacks and a ransomware negotiator to whom you will have access. • Review and ensure that backups and compliance understand the new reporting requirements and keep up with any changes. There is a bill currently going through Congress which will require critical infrastructure to report to the Department of Homeland Security within 72 hours with the ability to shorten that timeframe significantly. Additionally, CISA may shortly become the hub for cybersecurity concerns. • Validate all remote access, administrative access, and privileged access controls. • Verify multifactor authentication is present on all the above. If not, ensure access is accepted with compensating control lists. If MFA is not available on a device, consider having it set as an explicit exception. Cybersecurity in Times of Tension By Anne Benigsen CISSP, President CivITas Bank Solutions • Confirm that the review/audit has been completed and all ports and protocols that are not essential are blocked. In addition, use this opportunity to go through the firewall and clean out any stale entries or old rules. • Make sure any cloud services have been audited recently and have appropriate security. CISA has posted suggestions at cisa.gov/uscert/ncas/analysisreports/ar21-013a. This is a growing priority in regulation and a heavy focus of threat actors. Knowing how to secure your cloud environment is not the same as securing on-premises or in a data center. Both the senior management of your bank and the regulators need coloradobankers.org 4
RkJQdWJsaXNoZXIy MTIyNDg2OA==