2021 Vol 105 No 4

Hoosier Banker 35 tions that need to recover from ransomware attacks using their backups often find that the restoration takes longer than they thought it would. As part of their BCPs, banks should prioritize the order of restoration to ensure that the most critical data is restored first. Banks should also perform testing of the restoration of data from backups to ensure that recovery-time objectives are met. • Third-party assessment: Banks should look for evidence during critical vendor due diligence that the third party has sufficient controls in place to detect and respond to a ransomware attack. As part of its BCP, the bank should also identify alternative vendors or processes that could be used in the event a critical vendor is not available due to a ransomware attack. • Tabletop exercises: Institutions should ideally perform ransomware tabletop exercises annually and should make sure that senior management is included in this testing. Discussions during testing should include the delegation of key decisions, such as who has the authority to shut down critical systems during a ransomware attack. The exercise should also include discussions regarding when the bank would consider paying a ransom, and how this payment would be made. • Cyber insurance coverage: Banks should purchase a cyber insurance policy that will help to mitigate the cost of recovery and ransom payments if a ransomware attack is successful against the institution. The coverage should include forensics, customer notification and credit monitoring, public relations expenses, reimbursement for loss of operations, and the payment of a ransom. Ransomware is a crisis that many organizations have recently experienced. While nothing can completely eliminate the possibility of a ransomware attack, banks that implement the above controls will be less likely to experience an attack and, if they are attacked, will be able to state that their planning and security program significantly reduced the impact of the incident. HB MARY ALICE AVERY mavery@wilmingtontrust.com 302.636.6127 MINDY WALSER mwalser@wilmingtontrust.com 702.866.2203 Trustee Services for Senior and Subordinated Debt and Trust Preferred Securities Investment Subsidiaries and Holding Companies Custody Portfolio Accounting Investment Management ©2020 Wilmington Trust Corporation and its a liates. All rights reserved. Wilmington Trust is a registered service mark. Wilmington Trust Corporation is a wholly owned subsidiary of M&T Bank Corporation (M&T). 43300-A 200218 VF ENTITY MANAGEMENT DELAWARE AND NEVADA EXPERIENCE 43300-A GCM20 Hoosier Banker ad 200218 VF.indd 1 2/18/2020 4:13:26 PM Emerging leaders build skills and strengthen networks at this Future Leadership Division event. Click on the icon in HB Digital for more information and latest updates, or go to: indiana.bank/calendar. FLD Leadership Conference Indianapolis SEPT. 2122

RkJQdWJsaXNoZXIy MTg3NDExNQ==