Nsight Blog | Ncontracts

Heightened Cybersecurity Risk – Is Your FI Prepared?

Written by Michael Berman | Jan 21, 2020 12:00:05 PM

Cybersecurity is always a top concern for financial institutions, but now supervisory agencies are warning financial institutions that cyberattacks are an increased possibility as Iran seeks to retaliate for death of Qassem Soleimani earlier this month.

The FDIC and OCC released an interagency statement last week reminding FIs to follow sound cybersecurity risk management principles. It also emphasized the importance of being prepared for the “worst-case scenario” if cyber controls fail.

The agencies specifically mention:

  • Response and resilience capabilities: Review, update, and test incident response and business continuity plans.
  • Authentication: Protect against unauthorized access.
  • System configuration: Securely configure systems and services.

 

What’s Going On?
How Strong Are Your Controls Against These Common Risks?
How Robust Is Your Cybersecurity Risk Management?

 

What’s Going On?

While the FDIC and OCC didn’t specifically mention Iran, instead referring to “increased geopolitical tensions,” the New York State Department of Financial Services was specific when it released a similar warning earlier this month, warning of a heightened risk of cyberattacks by Iranian-sponsored hackers and detailing past Iranian cyberattacks against the U.S.

“For instance, in 2012 and 2013, Iranian-sponsored hackers launched denial of service attacks against several major U.S. banks. And the U.S. government recently advised in June 2019 it observed ‘a recent rise in malicious cyber activity directed at United States industries and government agencies by Iranian regime actors and proxies,’ and that Iranian attackers were increasingly using highly destructive attacks that delete or encrypt data,” NYFS said in its statement.

How Strong Are Your Controls Against These Common Risks?

Iranian-sponsored hacker’s weapon of choice is often malware, the warnings say. The FDIC, OCC and NYDFS report these hackers most frequently achieve access to systems and networks by:

  • Social engineering. Using phishing or spear phishing attacks against FI employee and contractors to steal their user credentials.
  • Using stolen credentials. Users often use the same password across many platforms. Hackers use approaches like credential stuffing, using lists of stolen login credentials in a large-scale automated login, and password spraying, a similar technique where hackers try to access accounts using common passwords.
  • Targeting unpatched devices.
  • Infecting external devices to computers and networks through removable media.

What can a FI do to reduce the likelihood of a successful cyberattack and recover promptly in the event an attack succeeds?

The FDIC and OCC emphasize strong cyber risk management with an emphasis on these controls:

Response, resilience, and recovery capabilities. It’s possible for malware to encrypt or damage back-up. It’s worth considering segmenting back-up systems or storing them offline so that malware can’t spread throughout the whole institution. Recovery plans against malware should be tested and include knowing which experts to contact if additional help is needed. Test how well back-up plans would work against malware and consider cyber insurance.

Identity and access management. Test the strength of authentication controls and limit system access to only what users need to do their jobs.

Network configuration and system hardening. Change default system settings, make sure patched and updates are installed promptly, disable unnecessary system access routes, and monitor network connections to outside service providers.

Employee training. Teach employees to identify phishing attempts, suspicious links and other types of social engineering.

Security tools & monitoring. Monitor systems, look for suspicious activity, and engage in penetration testing.

Data protection. Identify and encrypt sensitive data.

 

How Robust Is Your Cybersecurity Risk Management?

As cyber threats continue to multiply, make sure your FI has the risk management controls and business continuity management plans in place to reduce the risk of a cyber attack and recover quickly if needed.

The FFIEC Cybersecurity Assessment Tool (CAT) and the Automated Cybersecurity Examination Tool (ACE) are excellent tools for assessing cybersecurity controls and preparedness, uncovering gaps so they can be addressed.

Don’t be caught off guard by a cyberattack. Make sure your FI has done everything is can to guard against and recover from a cyber event.

 

Related: Creating Reliable Risk Assessments