In our last post, we kicked off National Cyber Security Awareness Month by exploring the biggest current threats to financial institutions: endpoint, cloud and mobile security. But as we all know, data breaches are occurring in droves as well. And while the largest brands command the headlines lately, community banks are just as vulnerable to these attacks.
This year, the Federal Financial Institutions Examination Council (FFIEC) has made cybersecurity a top priority, with examiners adding pressure on community banks to identify, assess and mitigate cyberthreats. Fortunately, there are four steps each bank can take to evaluate its specific needs and build a program that protects sensitive data and meets regulatory requirements.
Understand Specific Risks
Before establishing strategies and tactics, banks must understand their particular risks—a vulnerability may affect one bank differently than another due to existing technology, practices, location and customer base.
Regardless, your cybersecurity program should cover the five key areas examined by the FFIEC:
- Risk Management and Oversight
- Threat Intelligence and Collaboration
- Cybersecurity Controls
- External Dependency Management
- Cyber Incident Management and Resilience
Monitor the Data
The best way to understand risk is to employ adequate network monitoring. Banks need to ensure data is logged appropriately, and that they can retrieve the information.
Further, IT managers need systems that correlate that data and generate actionable alerts. But be aware: if the system is calibrated so that it produces too many false-positive alerts, legitimate threats get lost in the noise. Conversely, a system whose alerting criteria are too stringent can let an actual attack slip through.
Banks must prepare for how they will respond to a breach that manages to get past their walls.
One way to do this is to perform regular vulnerability assessments and feed the results into your data analysis system to see how an attack would have fared. Are there areas to be strengthened? Are all firewalls and software up to date? Is there an education component?
Use these results to create rules that combine big data with business rules to cover the most likely threats.
Communicate with Regulators
The final step is communicating with regulators and examiners. For this, banks can structure their reporting to show their framework fits accepted standards—including the Commerce Department’s National Institute of Standards and Technology (NIST) Cybersecurity Framework—by organizing activities into four main categories:
- Identify and develop the organizational understanding to manage cybersecurity risk to systems, assets, data and capabilities
- Protect by implementing the appropriate safeguards to ensure delivery of critical infrastructure services
- Detect the occurrence of a cybersecurity event by implementing the appropriate identification tactics
- Respond with the appropriate procedures to take action during an attack
Ultimately, the capabilities of digital thieves will always be shifting. While these four steps can’t guarantee a bank’s safety, they will help make it stronger and better prepared to react to cyberthreats.
Sean Martin serves as a product manager for CSI Managed Services. With more than 11 years of experience with CSI, he has extensive knowledge of implementing effective systems security and network management practices.