Pub. 10 2022 Issue 1

The Community Banker

We are thinking about our ability to identify, protect, detect, respond and recover. We are doing this from the viewpoint of an administrator. What do the standards say? Do we have the right boxes checked? Are we compliant? I am not critical of this approach. It is necessary and valuable. It drives less risk and greater readiness. I am simply advocating that leaders get to know their enemy better before they find themselves facing off with them.

Five enemy attributes all banking leaders should understand:

1. The enemy has an attack framework, no different than we have a security framework.

2. If you understand this framework, you'll work better strategically to prepare and better tactically during an attack.

3. We aren't dealing with a single attacker or even a group. The enemy is made up of many different organizations, businesses, and areas of specialty. They don't all get paid the same way or at the same time. It is a professional outsourcing marketplace at a sophisticated, industrial scale. There is an entire industry around recon (finding organizations that fit specific criteria and then selling that information) and another industry that works to gain access using the recon information purchased. They sell that access to the next group, who are experts at gathering intelligence within the environment that could be leveraged for true profits in the right hands. This approach has made the enemy diverse in its skills, motives, tools, best practices, etc. It has also made their business very commercially viable while managing the risk of getting caught and apprehended. The majority of the perpetrators are in the research and development business, not conducting the actual dirty work, which makes it all the more palatable for their workforce.

4. Eventually, the enemy must create leverage and maximize profits. Leverage isn't simply encrypting some essential files and then requesting a payment. The enemy has a playbook for turning up the heat. They are willing to be an anonymous whistleblower to the media, call customers directly to inform them of what's going on, notify regulators before you may be prepared to address their questions, leak internal documents and emails, leverage your insurance coverages by reading your policy before they alert you to their presence, and halt your technical operations through other forms of attack, keeping you from conducting day-to-day business.

5. The enemy is using your tools against you. Why use a malicious tool that could be easily detected when you could use a safe tool that is already in place and ready to be turned to malicious purposes? This change in tactics is making legacy detection methods less useful in the fight.

6. The enemy does not target you or your organization specifically. It isn't personal. You are a transaction to the enemy, nothing more. Reconnaissance showed a technical vulnerability that was exploitable. That's what created the target for the enemy. Nothing more. Montana organizations have a false sense of security because we think we are off the map. We are not!

Cybersecurity articles often create fear. Maybe that's not a bad thing. However, it is not my intent. Too many leaders have defined this problem as too technical, complex and expensive, and possibly too scary. This definition leads to avoidance of the problem. This approach isn't acceptable in banking, obviously. Montana Independent Bankers need acceptance and action that is not only preventative but also helpful in the event of a response. Knowing thy enemy should help on both fronts of this escalating battle.

For more information on First Call Computer Solutions, please visit firstsolution.com.
