Pub. 1 2022 Issue 4

WHAT BANKS NEED TO KNOW ABOUT CIS CONTROLS

In just the first half of 2021, the banking industry experienced a 1,318% increase in ransomware attacks. Banks have become prime targets for cybercriminals due to the large amounts of sensitive customer data they hold. To protect this data, as well as maintain compliance with strict regulations, banks must have a strong cybersecurity strategy. This strategy should consider the unique needs of financial services cybersecurity. There need to be stronger controls, better knowledge of banking networks, better reaction time to threats, and a better ability to recover from incidents. A great way to achieve these goals is by implementing the CIS Critical Security Controls (CSC).

What Is CIS?

The Center for Internet Security (CIS) is a nonprofit organization providing guidance and best practices for improving cybersecurity for financial services. CIS is a parent of MS-ISAC, the information sharing and analysis center for state, local, tribal, and territorial governments. It offers a framework of critical security controls that effectively protect against the most common attacks.

Why Should Banks Use CIS Controls?

Banks are increasingly targeted by cybercriminals, and the stakes are high. These controls are put in place to manage identified risks. They can be physical barriers (e.g., locks and walls), electronic barriers like firewalls, and software like antivirus, as well as policies, procedures, and training. Abiding by these controls helps examiners know you've identified your risk for IT incidents and put appropriate controls in place to manage them. For a better financial services cybersecurity strategy, you need to know how your network works and be aware of any changes that might invalidate the controls you have put in place.

By Mike Gilmore, Chief Compliance Officer, RESULTS Technology

NEBRASKA INDEPENDENT BANKER 26
