Pub. 3 2022 Issue 6

WHAT BANKS NEED TO KNOW ABOUT CIS CONTROLS
By Mike Gilmore, Chief Compliance Officer, Results Technology (Endorsed Partner)
In Touch, cbak.com

In just the first half of 2021, the banking industry experienced a 1,318% increase in ransomware attacks. Banks have become prime targets for cybercriminals because of the large amounts of sensitive customer data they hold. To protect this data, and to stay compliant with strict regulations, banks must have a strong cybersecurity strategy. That strategy should consider the unique needs of financial services cybersecurity: stronger controls, better knowledge of banking networks, faster reaction to threats, and a better ability to recover from incidents. A great way to achieve these goals is by implementing the CIS Critical Security Controls (CSC).

What Is CIS?

The Center for Internet Security (CIS) is a nonprofit organization providing guidance and best practices for improving cybersecurity for financial services. CIS is the parent of MS-ISAC, which serves as the information sharing and analysis center for state, local, tribal, and territorial governments. CIS offers a framework of critical security controls that effectively protect against the most common attacks.

Why Should Banks Use CIS Controls?

Banks are increasingly targeted by cybercriminals, and the stakes are high. These controls are put in place to manage identified risks. They can be physical barriers (e.g., locks and walls), electronic barriers (e.g., firewalls), and software (e.g., antivirus), as well as policies, procedures, and training. Abiding by these controls helps examiners see that you have identified your risk of IT incidents and put appropriate controls in place to manage them.

For a better financial services cybersecurity strategy, you need to know how your network works and be aware of any changes that might invalidate the controls you have put in place.

The Top 7 CIS Controls

Here are the top seven controls adopted by the FFIEC for InTREx Exams:

1. Inventory & Control of Enterprise Assets

Your bank needs to keep track of its assets and where they are located. This matters because it tells you what needs to be protected and how best to protect it. Review the inventory regularly, or use tools that generate alerts on any asset change. Be especially aware of the “internet of things” (IoT): the growing trend of interconnected devices such as security cameras, thermostats, IP phones, HVAC systems, and even coffee makers. These devices are often unsecured and can give attackers a way into your network. It is easy to plug a device into your network that then acts as an entry point.

2. Inventory & Control of Software Assets

This control helps your bank ensure that its assets are properly configured and secure. This includes ensuring that only authorized users have access to sensitive data and that all data is properly backed up.
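The alerting that Control 1 calls for is, at its core, a reconciliation: compare the authorized asset inventory with what is actually seen on the network and raise an alert for every difference. The following Python script is an added example and is not code from the article, from CIS, or from Results Technology. The authorized asset list, the DHCP-lease-style lines it parses, and the device names are all constructed for illustration; a real deployment would read the inventory from the bank's asset register and the observed devices from a network scan, switch tables, or DHCP server export.

```python
"""Asset-inventory reconciliation for CIS Control 1 (added example).

Compares an authorized inventory with devices observed on the network and
reports three kinds of drift: unknown devices (never authorized), missing
devices (authorized but not seen), and changed devices (known hardware that
now has a different hostname or address). All data below is constructed.
"""
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Asset:
    mac: str        # hardware address, used as the stable identifier
    hostname: str
    ip: str
    owner: str      # team accountable for the device


def normalize_mac(mac: str) -> str:
    """Canonical lower-case colon form so '00-11-..' and '00:11:..' compare equal."""
    digits = "".join(ch for ch in mac.lower() if ch in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"bad MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


# Constructed authorized inventory (hypothetical devices).
AUTHORIZED: List[Asset] = [
    Asset("00:11:22:33:44:01", "teller-ws-01", "10.0.1.11", "Branch Ops"),
    Asset("00:11:22:33:44:02", "core-db-01", "10.0.2.20", "IT"),
    Asset("00:11:22:33:44:03", "lobby-cam-01", "10.0.3.30", "Facilities"),
    Asset("00:11:22:33:44:04", "hvac-ctrl-01", "10.0.3.31", "Facilities"),
]

# Constructed observation: one line per lease, 'ip mac hostname'.
# lobby-cam-01 moved to a new address, hvac-ctrl-01 is absent, and an
# unregistered device has appeared (the "coffee maker" case from the article).
SAMPLE_LEASES = """
# ip            mac                 hostname
10.0.1.11       00-11-22-33-44-01   teller-ws-01
10.0.2.20       00:11:22:33:44:02   core-db-01
10.0.3.45       00:11:22:33:44:03   lobby-cam-01
10.0.1.99       aa:bb:cc:dd:ee:ff   smart-coffee
"""


def parse_dhcp_leases(text: str) -> Dict[str, dict]:
    """Parse the constructed lease format into {mac: {'ip':..., 'hostname':...}}."""
    observed: Dict[str, dict] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ip, mac, hostname = line.split()[:3]
        observed[normalize_mac(mac)] = {"ip": ip, "hostname": hostname}
    return observed


def reconcile(authorized: List[Asset], observed: Dict[str, dict]) -> dict:
    """Return {'unknown': [...], 'missing': [...], 'changed': [...]} sorted by MAC."""
    auth_by_mac = {normalize_mac(a.mac): a for a in authorized}
    report: dict = {"unknown": [], "missing": [], "changed": []}
    for mac, seen in observed.items():
        known = auth_by_mac.get(mac)
        if known is None:
            report["unknown"].append({"mac": mac, **seen})
        elif seen["ip"] != known.ip or seen["hostname"] != known.hostname:
            report["changed"].append({
                "mac": mac,
                "expected": (known.hostname, known.ip),
                "seen": (seen["hostname"], seen["ip"]),
            })
    for mac, known in auth_by_mac.items():
        if mac not in observed:
            report["missing"].append(
                {"mac": mac, "hostname": known.hostname, "owner": known.owner})
    for key in report:
        report[key].sort(key=lambda item: item["mac"])
    return report


def format_alerts(report: dict) -> List[str]:
    """One human-readable alert line per drift item, for a ticket or SIEM feed."""
    alerts = []
    for u in report["unknown"]:
        alerts.append(f"UNKNOWN DEVICE {u['mac']} ({u['hostname']}) at {u['ip']}: not in inventory")
    for m in report["missing"]:
        alerts.append(f"MISSING DEVICE {m['hostname']} ({m['mac']}): owner {m['owner']} to confirm status")
    for c in report["changed"]:
        alerts.append(f"CHANGED DEVICE {c['mac']}: expected {c['expected']}, seen {c['seen']}")
    return alerts


if __name__ == "__main__":
    for line in format_alerts(reconcile(AUTHORIZED, parse_dhcp_leases(SAMPLE_LEASES))):
        print(line)
```

Run on the constructed data, the script reports the unregistered "smart-coffee" device, the absent HVAC controller, and the camera whose address changed. The three categories map to three different follow-ups: an unknown device is investigated and either registered or removed, a missing device is confirmed with its owner (decommissioned, offline, or stolen), and a changed device is checked against the change record so that firewall rules or monitoring tied to the old address are updated. The same reconcile-and-alert pattern applies to Control 2 by replacing hardware addresses with installed-software identifiers.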
