To protect this data, as well as maintain compliance with strict regulations, banks must have a strong cybersecurity strategy. There must be stronger controls, better knowledge of banking networks, better reaction time to threats, and a better ability to recover from incidents. A great way to achieve these goals is by implementing the CIS Critical Security Controls (CSC). What Is CIS? The Center for Internet Security (CIS) is a nonprofit organization that provides guidance and best practices for improving financial services cybersecurity. CIS is a parent of MS-ISAC, which serves as the information sharing and analysis center for state, local, tribal, and territorial governments. They offer a framework of critical security controls that are effective in protecting against the most common attacks. Why Should Banks Use CIS Controls? These controls are put in place to manage identified risks. They can be physical barriers like locks and walls, electronic barriers like firewalls, or software like antivirus, as well as policies, procedures, and training. Abiding by these controls helps examiners know that you’ve identified your risk for IT incidents and placed appropriate controls in place to manage them. For a better financial services cybersecurity strategy, you need to know how your network works and be aware of any changes that might invalidate the controls you have put in place. By Mike Gilmore, RESULTS Technology WHAT BANKS NEED TO KNOW ABOUT CIS CONTROLS “For a better financial services cybersecurity strategy, you need to know how your network works and be aware of any changes that might invalidate the controls you have put in place.” The Top 7 CIS Controls Here are the top seven controls adopted by the FFIEC for InTREx Exams: 1. Inventory & Control of Enterprise Assets Your bank needs to keep track of what assets you have and where they are located. This is important because it helps you to know what needs to be protected and how best to protect it. It’s important to regularly review or use tools to generate alerts to any asset changes. Be especially aware of the “internet of things” (IoT). Security cameras, thermostats, IP phones, HVAC systems, etc., are often unsecured and can provide a way for attackers to gain access to your network. 2. Inventory & Control of Software Assets This control helps your bank ensure that your assets are properly configured and secure. In many cases, software vulnerabilities are the root cause of attacks because attackers will exploit them to gain access to your network. You can help mitigate these risks by keeping your software up to date, regularly reviewing and removing unauthorized software, and preventing the installation of unauthorized software. 3. Data Leak Protection This control helps you protect your data from unauthorized access and loss. This includes ensuring that sensitive data is encrypted, both at rest and in transit. It is also learning where data is stored and how it travels. In the past few years, a record number of ransomware attacks have hit the banking industry. Banks, both large and small, continue to be prime targets for cybercriminals due to the large amounts of sensitive customer data they hold. 20 | The Show-Me Banker Magazine
RkJQdWJsaXNoZXIy ODQxMjUw