The current geopolitical climate, greater reliance on digital channels and increased turnover in a variety of industries have created an environment ripe for vulnerabilities. And cybercriminals are wasting no time exploiting the weaknesses and vulnerabilities of systems to launch sophisticated attacks. customers, especially those newest to digital banking, are another component of the “people factor,” institutions must ensure they reinforce the importance of good cyber hygiene through cybersecurity awareness programs, which could include videos and gamification. 3. Update Your Incident Response Plan (IRP): Institutions must consider all the operational, financial and reputational implications of being held hostage to ransomware. Your bank’s IRP should include planning for data and system backups, communication plans, business continuity plans if employees or customers are unable to access your systems and dealing with the attackers. You don’t want to confront those issues for the first time during a ransomware attack. With 23% of bankers reporting IRP testing as a top tactic to combat cyber threats, remember that maintaining a tested IRP puts your bank in a stronger position to withstand an attack. 4. Conduct Vendor Due Diligence: Even if your internal systems and employees are prepared for a cybersecurity attack, your bank is vulnerable if an external vendor does not adhere to the same defense standards. Appropriate cybersecurity due diligence and regular monitoring should be conducted on all third-party vendors, especially any external vendor who has access to your sensitive data or systems. This process is critical to mitigate risk of supply chain attacks, which have surged in the past year. 5. Implement Multi-Factor Authentication (MFA): Incorporate MFA into all applications where employees — or customers —must enter their credentials. With MFA, multiple authentication factors are required to verify a user’s identity, preventing unauthorized account access. This verification strengthens resiliency and provides an effective defense against the two largest threat vectors: social engineering and phishing. When confronted with this extra obstacle, many hackers will move to a less secure target. Maximize Protections with a Layered Approach to Cybersecurity As institutions navigate the changing cybersecurity landscape, embracing a layered approach to cybersecurity will maximize protections for your bank. Implementing multiple layers of security — including cybersecurity training and tools — makes it more difficult for cybercriminals to infiltrate your systems and keeps employees and customers secure. Download CSI’s 2022 Banking Priorities Executive Report for additional insight into bankers’ perceptions of cyber threats, technology, compliance and more. ■ Steve Sanders serves as CSI’s chief information security officer. In his role, Steve leads CSI’s information security vision, strategy and program and chairs the company’s Information Security Committee. He also oversees vulnerability monitoring and awareness programs as well as information security training. With over 15 years of experience focused on cybersecurity, information security and privacy, he employs his strong background in audit, information security and IT security to help board members and senior management gain command of cyber-risk oversight. June 2022 | 19
RkJQdWJsaXNoZXIy ODQxMjUw