We recently interviewed two of our cybersecurity experts, Brandon Jarrett and Start Largin, to get some answers about the state of cybersecurity for banks. Hope you enjoy this Q + A session!
What kinds of cybersecurity systems are banks investing in and why?
Jarrett: "We are seeing an increasing number of financial institutions investing heavily into SIEM (Security Incident Event Management) with managed SOC (Security Operations Center). These tools provide an extra layer when combined with advanced Endpoint Detection Response applications such as SentinelOne. Active threat hunting is also important for these institutions."
Largin: "Regulators are highly suggesting for financial institutions to implement a SIEM solution. Security Information and Event Management (SIEM) is a software solution that aggregates and analyzes activity from many different resources across your entire IT infrastructure. SIEM collects security data from network devices, servers, domain controllers, and more."
How big of a threat are data breaches?
Jarrett: "The largest threat. Banks are trying to mitigate those threats leveraging some tools I mentioned above along with continuing to utilize the FFIEC CAT Tool."
Largin: "Records show financial institutions filed 635 SARs in the first half of 2021 related to suspected ransomware activity. Data breaches are expected to increase in 2022."
What kinds of cybersecurity training are banks putting their employees through?
Largin: "Ongoing cybersecurity training is a regulatory requirement for their employees. However, regulators are highly suggesting for financial institutions to provide cybersecurity information on their website for their customers since they provide services such as mobile banking, internet banking, etc. For years, financial institutions have been required to have annual cybersecurity training for their board members. Regulators are now suggesting for financial institutions to provide cybersecurity training more frequently for their board regarding cybersecurity. At ThreatAdvice we suggest quarterly or at least every four months."
What cybersecurity threats are banks facing these days?
Largin: "Banks and healthcare are hot targets for hackers. The amount of confidential customer information that a financial institution has makes them a prime candidate for cyber threats."
How have these changed over the last few years?
Largin: "The FDIC and OCC issued a statement on January 16, 2020 to remind supervised financial institutions of sound cybersecurity risk management principles. While preventive controls are important, financial institution management should be prepared for a worst-case scenario and maintain sufficient business continuity planning processes for the rapid recovery, resumption and maintenance of the institution’s operations."
How are banks dealing with these threats?
Largin: "Financial institutions are assessing the IT Infrastructure of their institution. Evaluating the EOL of equipment, assessing their environment, considering new cybersecurity solutions, etc."
What kinds of cybersecurity hires are banks making and why?
Jarrett: "Believe it or not, the trend we are seeing is more of an outsourcing model to MSSPs (Managed Security Services Providers) with vCISO (Virtual CISO offerings)."
How rapidly are the cybersecurity threats facing banks evolving?
Largin: "We have seen an increase in hacking occurrences in all industries since the beginning of Covid. However, financial institutions are highly regulated. Regulators are performing more in depth IT examinations, due to the increase of hacking occurrences."
New federal rules requiring banks to report any “significant computer security incident” within 36 hours of occurrence to federal regulators will take effect this spring. What preparations do banks need to make to comply with this rule?
Largin: "Financial institutions need to have policies and procedures developed on how to implement the process. For many years, financial institutions have been required to have a Disaster Recovery Plan in place. Now, they are required to have an Incident Response Plan, Business Continuity Management, Pandemic Contingency Plan, etc. In addition to plans and policies, they are required to have Table Top Exercises."
Jarrett: "Banks will need to ensure they are utilizing the latest monitoring and management tools. An example would be Nessus. These tools alert in real-time. Institutions also need to ensure 3rd party providers are aware of the change in regulations."