
Heightened Cybersecurity Risk: What You Need to Know

Posted by Jennifer Roland-Vlach

Wed, Mar 18, 2020 @ 10:13 AM

On January 16 of this year, the FDIC and OCC issued the Joint Statement on Heightened Cybersecurity Risk. This Statement came amid increased geopolitical tensions between the U.S. and Iran and was an effort to bring awareness to the potential of a cyber attack and how financial institutions (FIs) should prepare themselves. The Statement does not provide any new information, but rather emphasizes standards previously outlined in the Interagency Guidelines Establishing Information Security Standards and FFIEC resources. The Statement reminds FIs that adhering to previously recommended principles and risk mitigation strategies will help to reduce the risk of a successful cyber attack. The Statement highlights areas on which FIs should focus their attention – response and resilience capabilities, authentication, and system configuration. Let’s explore each of these sections in a bit more detail.


Topics: Cybersecurity

Web Application Cybersecurity: Not Just for Audits Anymore

Posted by Robert Hudecek

Wed, Mar 04, 2020 @ 12:55 PM

With all the news play that security-related incidents receive, it may often feel like we are in a constant state of war against hackers. This thought is not that far off, as receiving a personal breach notification now seems like a rite of passage into adulthood. Though mitigation through various password complexities, virus and malware protections, and multifactor authorizations are important, they can also lead to a false sense of cybersecurity.


Topics: Cybersecurity

Top Spear Phishing Attacks & How to Reduce the Risk of Your Employees Taking the Bait

Posted by Karen Crumbley

Wed, Feb 26, 2020 @ 10:37 AM

This post was co-written by Karen Crumbley, Gladiator®, ProfitStars, and Keith Haskett, Rebyc Security. Karen has been providing Educational Risk Mitigation online training courses and encouraging community bankers to engage in conversations with their peer banks and vendors about how best to mitigate risks within their own institutions. She has also been a valued member of Jack Henry & Associates for thirteen years. Keith led the Risk and Information Security Consulting Services practice at CSI for several years, then co-founded Rebyc to deliver offensive security solutions customized to meet the needs of the highly-regulated, financial services industry.

Despite all of the strides made in the security industry to mitigate phishing scams, they continue to be one of the most successful forms of fraud. One of the primary reasons is the extensive effort bad actors are making to research and observe their targets’ behavior. They monitor and research the users’ activity in order to craft sophisticated and convincing emails, known as spear phishing attacks, that even computer-savvy users struggle to identify. Financial institutions (FIs) are faced with combatting phishing fraud through Information Security Awareness and Social Engineering Testing to keep employees up to date on the latest scams. The following list includes common types of spear phishing fraud targeting FI employees. You can share this information across your organization to boost ongoing education efforts.


Topics: Cybersecurity, Risk/Fraud

A Proven Approach for Enhancing Your Cyber Security and Business Continuity Testing

Posted by Tom Williams

Wed, Jan 29, 2020 @ 10:28 AM

Over the past several years, I’ve had the pleasure of working with many financial institutions (FIs) reviewing and testing both their Incident Response Plan (IRP) for Cyber Security and Business Continuity/Disaster Recovery Plans (BC/DRP). I am pleased to say that most FIs have plans in place to deal with unplanned outages, whether cyber or disaster related. However, the effectiveness of those plans to truly protect the FI and its customers is highly dependent on testing the plan at various levels.

One of the challenges of testing is keeping people involved and excited about the testing process: getting them to show up for the tests and, more importantly, to follow up and modify their portion of the plan based on the test results.


Topics: Information Security, Cybersecurity, Risk/Fraud

Best of 2019

Posted by Strategically Speaking

Wed, Jan 08, 2020 @ 11:39 AM

The beginning of a new year – especially a new decade – is a time of reflection. Looking back, 2019 was a tremendous year filled with insightful blog posts written by some of the industry’s finest thought leaders. We look forward to what new topics 2020 will bring – and in the meantime, would like to take a look at some of the top posts from 2019.


Topics: Payments, Cybersecurity, Digital, Modern Membership

Comparing Clouds: Is A Private Cloud Environment a Better Choice than Public for Hosting Your Infrastructure?

Posted by Sebastian Fazzino

Wed, Dec 04, 2019 @ 09:56 AM

Cyber threats are becoming increasingly sophisticated, complex and pervasive, leaving financial institution (FI) and consumer data more vulnerable than ever before. As risk proliferates, it is no longer a question of if an attack will happen, but rather when fraudsters will strike. FIs, as a result, are challenged to keep up with evolving cybersecurity initiatives, IT regulatory compliance demands, and critical disaster preparedness issues – all while staying within budget and focusing on other significant priorities, such as lending and deposit growth.


Topics: Financial Institution, Cybersecurity, Risk/Fraud

Security Risk Assessments – A Balance of Risk and Controls

Posted by Viviana Campanaro

Wed, Nov 06, 2019 @ 09:29 AM

Risk – the possibility that something undesirable will occur – is always around us. And we make decisions based around risk every day, from the moment we take our first step, ride our first bike, drive our first car, or buy our first home. These types of risks are usually common and easily understood. As such, we have health insurance in case we get sick or injured, wear helmets on our bikes, wear seatbelts in our cars, and install alarm systems in our homes, all to reduce the risks around us. We understand that we can choose to either accept, transfer, or avoid the risks.

The way we manage security risk within the financial industry is similar, and yet, we often have difficulty doing it efficiently. Risk assessments can make us groan and very seldom make us happy, mostly because there are different types of assessments used to manage different types of risk. We check the compliance box, but don’t always have a complete picture of the issues that could result in a significant breach at the FI. So, how do we bridge the gap between business and security risk?


Topics: Financial Institution, Cybersecurity, Risk/Fraud

Why Backup is a Critical Part of Your Cybersecurity Strategy

Posted by Eric Flick

Wed, Jun 05, 2019 @ 11:05 AM

It is often overlooked, but it is important to note that backup is a critical part of your cybersecurity strategy. What does backup have to do with your cybersecurity strategy? Backup is a back-office process. Cybersecurity is a frontline approach.

Although there are several frontline and defensive-minded approaches that are more critical than backup, backup is often overlooked. It’s an important part of your multi-layered approach to cyber readiness.


Topics: Cybersecurity, Community Banks, Data and Analytics

Saving Your Data Means Saving Your Customers

Posted by Eric Flick

Wed, May 01, 2019 @ 03:17 PM

I don’t know about you, but I can remember a time when there were only about a dozen holidays on the calendar. Now it seems like almost every day is National fill-in-the-blank Day.

Disaster Recovery (DR) and Business Continuity (BC) practitioners are up for fun as much as the next person, so not to be left out of this trend, there are a couple of related items you should put on the calendar for the next time they roll around.


Topics: Cybersecurity, Data Management, Business Continuity, Community Banks, User Centricity

The Team Approach to Cybersecurity

Posted by Jennifer Roland-Vlach

Wed, Jan 16, 2019 @ 11:00 AM

The FFIEC’s Cybersecurity Assessment Tool (CAT) is crucial for compliance, and the IT Regulatory Compliance group always likes to cover it. Since the 2015 release of the CAT, I have noticed a trend that I believe is worth sharing. I have spoken with financial institutions (FIs) that have recently experienced personnel changes – such as new Network Administrators or new Information Security Officers. I like to ask if the new contact knows that the CAT has been updated, and often the answer is no. Or, as is often the case with the shuffle of personnel, the new hire does not know where to even find the most recent CAT, much less know whether it has been updated.


Topics: Compliance, Cybersecurity
