Pub. 16 2021-2022 Issue 5

NEBRASKA BANKERS ASSOCIATION

Ransomware cyberattacks are one of the fastest-growing attack methods globally, causing many organizations to ask themselves a critical question: Have we done enough to secure our institution against a ransomware attack? Ransomware readiness is crucial in today’s cyber climate, but evaluating the processes and controls you have in place to prevent, recover from, and mitigate the effects of a ransomware attack can seem like a daunting task. Pair that with the abundance of ransomware readiness guidance available, and formulating a plan to assess your institution can make most of us want to turn around and go home.

If you want to assess your institution’s ransomware readiness and aren’t sure where to start, or maybe you’ve reviewed some of these sources already and are confused about which one to put your time into, don’t panic! We will review several references to help get you started.

In October 2020, the Conference of State Bank Supervisors released their Ransomware Self-Assessment Tool (R-SAT). The R-SAT was developed to help financial institutions assess their risk for ransomware and identify any gaps in their ransomware protection program. It was also designed to give executive management and the board of directors an overview of an institution’s preparedness in the event of a ransomware attack.

Then, in December 2020, SBS CyberSecurity released Top Six Controls to Mitigate a Ransomware Attack. This resource lists specific controls that can be put in place to protect your institution’s network and data from a ransomware attack.

Fast forward to August 2021, when the Cybersecurity and Infrastructure Security Agency (CISA) released a fact sheet titled “Protecting Sensitive and Personal Information from Ransomware-Caused Data Breaches.” This fact sheet provides information on preventing and responding to ransomware-caused data breaches.
Let’s dig into each of these resources to see how using them together can help you build a strong ransomware protection program.

Who is the audience for each guide?

Right off the bat, the R-SAT lets you know its audience. From executives to directors, the R-SAT promotes valuable insight into an institution’s preparedness. For example, it can be used by an information security officer (ISO) to:

• Assess readiness
• Report on programs
• Identify gaps
