LEGAL EAGLE SPOTLIGHT Shawn Tuma Spencer Fane LLP Andrea Perry Spencer Fane LLP Around the country, banks and other financial institutions are doubling down on cybersecurity efforts in order to protect against a recent spike in destructive attacks, ransomware, and “island hopping” – a type of hack that involves attackers exploiting the weaknesses of small businesses tomove laterally to target larger organizations. Financial institutions cannot ignore this threat andmust address it head-on; all banks, regardless of size, should have an operational cyber riskmanagement program in place led by trusted cyber legal counsel. According to a 2022 VMware report, “Modern Bank Heists 5.0,” 63% of financial institutions experienced an increase in destructive attacks.This is up 17% from2021. In the same survey, 74% of respondents stated they experienced one or more ransomware attacks, and 63% of those victims paid the ransom. Lastly, 60% of financial institutions experienced a 58% increase in island hopping from last year.The report’s findings are based on a February 2022 survey of 130 chief information security officers and security leaders at financial institutions, 41% of which were headquartered in North America. Combine this with the new requirements of the Cyber Incident Reporting Act, signed by President Biden in March 2022, that went into effect in May, and the value of effective cybersecurity programs becomes apparent, particularly when faced with a threat or active attack. The Act requires owners and operators of critical infrastructure to report cyber incidents to the U.S. Department of Homeland Security (DHS) and Cybersecurity and Infrastructure Security Agency (CISA) within 72 hours and ransomware payments within 24 hours. So, how do banks combat the ever-evolving threat of data breaches and cybersecurity attacks? Here are eight tips to help financial services leaders remain vigilant: 1. Nobody thinks that this is going to happen to them. It is better to prepare for an event that never happens than to be unprepared when an incident occurs. Cyber issues affect everyone. Create a disaster recovery plan to help avoid data loss and minimize business downtime in the event of a security breach. Eight Steps to Handling a Cybersecurity Crisis at Your Bank 8 | The Show-Me Banker Magazine
RkJQdWJsaXNoZXIy ODQxMjUw