7 STRATEGIES FOR MITIGATING CYBERSECURITY RISK

When it comes to cybersecurity, a good offense is a key component of a good defense. Much like organizations, hackers continuously learn and hone their skills. So, it’s critical to keep up with the latest threats they deploy, identify potential vulnerabilities and understand how your bank would respond to an attack. By examining vulnerabilities before a real hacker has the opportunity, your institution can take an offensive approach and mitigate cybersecurity risk.

HOW TO MITIGATE YOUR BANK’S RISK

How can financial institutions take steps to strengthen cybersecurity in the face of evolving threats? Here are several tips to mitigate cybersecurity risk for your institution:

1. Conduct penetration tests.
During a penetration test, a tester identifies vulnerabilities or security weaknesses and then attempts to leverage them to gain deeper access into your network. Penetration tests often reveal eye-opening results by showing how many points of entry exist across your network. While still valuable, a vulnerability scan or assessment offers a broader view than a penetration test; however, the results are much more generic. Since a penetration test is more manual and objective-oriented, it provides directly actionable information to help you evaluate and resolve weaknesses likely to be leveraged by a malicious individual. Combining these with a layered security approach offers the most protection.

2. Remediate results.
Don’t be afraid of the results from a penetration test or vulnerability assessment. Assessments aim to strengthen your approach, not to serve as a pass/fail benchmark. Your institution should analyze the results and remediate any issues for optimal effectiveness. Remediating any issues or critical vulnerabilities after an assessment is a key step in preventing bad actors from exploiting your weaknesses.

3. Prioritize cybersecurity education.
Since cybersecurity is a business issue, employees outside the IT department play an important role in cybersecurity. From loan officers to tellers, employees have access to a myriad of systems and are potential targets as a result. While employees don’t have to be cybersecurity experts, it is still beneficial to practice good security hygiene. This is also a cost-effective measure, as the cost

By Tyler Leet
Director of Risk and Compliance Services for CSI’s Regulatory Compliance Group, ICBC Associate Member

INDEPENDENT REPORT | 21