1 31 Table of Contents 33 36

Pub. 11 2020 Issue 3

www.wvbankers.org 32 West Virginia Banker By Chris Joseph, Arnett Carbis Toothman COVID-19 Impact on Information Security Increase in Cyber Events and Attempts I ntroduction. COVID-19 has signifi- cantly impacted all industries and the everyday lives of people throughout the world. The financial institution’s in- dustry is no exception, especially in the area of information security. There has been a substantial increase in cyberat- tacks — successful and unsuccessful — over the past several months. Statistics. There was an upward trend in certain cyberattacks prior to COVID-19, specifically in the area of ransomware. However, there has been a significant increase in activity during the first five months of 2020. According to the VMware Carbon Black third annual “Modern Bank Heists” report, there has been a significant increase in sever- al areas, including ransomware, wire transfer fraud, island hopping, destruc- tive attacks and various other items. The information was obtained from a survey of 25 leading financial institution CISOs. Some of the items noted from the report: • From February to the end of April, there has been an increase in attacks on the financial industry sector by 238%. • During the same time, there has been a 900% increase in ransom- ware attacks. • Sixty-four percent reported an increase in wire transfer fraud over the past 12 months that represents a 17% increase over 2019. • Thirty-three percent reported an increase in the use of island hopping. Island hopping is a term that originated during World War II related to the United States going from one island to the next on their way to Japan. In cyberattacks, if the main target has very tight security and a very good information security team to support the security infra- structure, the attacker looks to other relationships (a supply vendor, a software provider, etc.) for a securi- ty hole to exploit. The attacker then works their way to their primary target going from one relationship to the other until they reach their intended target. • One-fourth reported they were tar- geted by destructive attacks over the past year. In addition, per a Dell survey, RSA Secu- rity LLC reported that 45% of the work- force admitted to one of the following: • Used a public Wi-Fi for business. • Shared confidential data through personal email. • Lost devices (laptops, phones, etc.) containing company information. In the same survey, one in four indicated they engaged in risky behavior to get the job done. These statistics illustrate the increase in attacks on all industries, including the financial institution industry. In addition, workforce/employee behavior can place the financial institution in a vulnerable situation. Risks/Threats. As a result, there has been an increase in attempts to com- promise financial institution systems. These risks/threats include many of what has been experienced previously, such as: • Phishing attacks • Negligent and malicious insiders

RkJQdWJsaXNoZXIy OTM0Njg2