TOPICS

Thursday, August 31, 2023

Mitigating Cyberattacks

QUESTION 

Well, it finally happened! We were hit with a cyberattack. We’re a small bank but have handled our cybersecurity carefully and passed safety and soundness exams. Yet, we were attacked. It seems nobody is safe! 

We don’t know where the attack came from, but a new computer consultant thinks our cybersecurity will need to be improved. She is especially concerned about internal threats by employees who do not follow our system rules. 

We would like you to suggest the types of proactive measures we should take to protect ourselves from cyberattacks. 

In what ways can we mitigate cyberattacks? 

ANSWER 

Your organization must be vigilant in protecting your data and operations from all threats, including ransomware, phishing, social engineering leading to business email compromises, and distributed denial-of-service (DDoS) attacks. The attacks include incidents directly related to critical vulnerabilities. 

All financial institutions and associated entities should take immediate and comprehensive action to protect their systems, sensitive data, and the financial well-being of their members. 

I will recommend certain primary mitigation steps and best practices. Monitoring, testing, and training must be ongoing to safeguard against evolving cyber threats. 

Here are nine proactive measures you can take to mitigate cyber threats. 

MITIGATING CYBER THREATS

1. Multifactor authentication 

Implement multifactor authentication for all sensitive accounts and systems, including email accounts and remote access portals. This measure adds an extra layer of protection against unauthorized access and phishing attempts. 

2. Employee cybersecurity awareness training 

Conduct regular cybersecurity training for all employees to raise awareness about phishing, social engineering, and other common attacks. Educate employees about the risks and implications of clicking suspicious links or opening malicious attachments. 

3. Email security and anti-phishing measures 

Deploy advanced email security solutions with phishing detection and blocking capabilities. Here are a few that come to mind: Slender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Authentication, Reporting, and Conformance (DMARC) protocols to prevent email spoofing and enhance email authenticity. If you’re unfamiliar with these terms, speak to your consultant about them. 

4. Incident response plan 

Develop and regularly test an incident response plan to ensure a swift and coordinated response in the event of a cyberattack. Assign specific roles and responsibilities to designated personnel and rehearse various attack scenarios. Be sure to have a robust Disaster Recovery and Business Continuity Plan. Also, establish a Crisis Command Structure. 

Learn about our Disaster Recovery and Business Continuity Plan. 

 5. Vendor risk management 

Review and assess the cybersecurity practices of all third-party vendors that provide financial services and products. Verify that vendors use sound risk management principles, have robust security measures, and regularly review their security posture. 

6. Network segmentation and DDoS protection 

Implement network segmentation to contain the impact of a potential compromise. Deploy DDoS protection measures, such as traffic filtering and rate limiting, to defend against DDoS attacks. Speak to your consultant about how best to implement this process. 

7. Regular data backups and recovery testing 

Maintain frequent data backups and test the data recovery process regularly. In a ransomware attack, backups can prevent data loss and reduce the need to pay the ransom. 

8. Threat intelligence sharing 

Participate in threat intelligence-sharing communities to stay informed about emerging threats and attack trends. Sharing information can help strengthen the industry’s collective defense. 

9. Continuous monitoring and security updates 

Monitor network traffic, logs, and systems continuously to detect and respond promptly to suspicious activities. Stay informed about the latest security updates and apply patches promptly. 

Proactive cybersecurity measures safeguard systems and data integrity and confidentiality. Consider adopting these mitigation steps and best practices, as they can enhance your security posture and protect against cyberattacks.

Jonathan Foxx, Ph.D., MBA
Chairman & Managing Director 
Lenders Compliance Group