comprehending the ransomware issues themselves. Still, others knew their R-SAT had not been completed thoroughly or that its completion had been delegated to personnel with insufficient knowledge or experience to provide a credible challenge. It is essential to avoid considering the R-SAT as just another regulatory compliance process versus leveraging it to thoroughly help evaluate risks and controls. Candidly, the R-SAT is an important tool that should be completed appropriately by those responsible for cybersecurity. Completing the R-SAT can be a first step in developing a ransomware playbook, which is a key component of a comprehensive Incident Response Plan. Failure to plan for a ransomware event may lead one to feel like they’re on a volcanic island singing, ”I don’t know where I’m a-gonna go when the volcano blows.” Now, let’s slow the tempo and look into key control gaps that regulators identified in the lessons learned report: The Role of MFA Multi-factor authentication (MFA) was one control consistently implemented by all victims following a ransomware incident (if they were not already using it). While MFA is not a silver bullet for weak security practices, your R-SAT should document the reasoning for not using MFA. MFA is a seemingly simple security feature; however, there are many variations and implementation methods, each with strengths and weaknesses. Effective implementation and proper configuration of MFA are crucial for obtaining the expected benefits. The new tool places increased emphasis on MFA, which is now an expanded, standalone question. Understanding, Identifying, and Managing “Hyper‑local” Social Media While you may be unfamiliar with the term, chances are you are already using “hyper-local” social media to some extent. Think of Nextdoor, Facebook Neighborhood, or Citizen, those websites and applications that you use to stay up on the local gossip, complain about the service you received in the driveup, or if anyone was injured in the wreck you saw on the way to work — the site everyone monitors, which a few very active users usually dominate. Your Incident Response Plan must consider traditional social media and these hyper-local social media platforms. Banks must stay informed about these platforms and actively check for any false information or adverse feedback that could affect their reputation or customer confidence during ransomware. Banks are advised to establish protocols for crisis communication to manage posts on both hyper-local and traditional social media effectively. 26 Nebraska Banker
RkJQdWJsaXNoZXIy ODQxMjUw