3 Cybersecurity Threats and 4 Strategies to Protect Your Financial Institution

  • by Steve Sanders
  • Feb 25, 2016

What’s the scariest thing going on right now in the financial industry? Given ever-persistent technology advances, for many bankers, cybersecurity is their biggest and most unpredictable threat. 

That’s why bankers must always look ahead to the next cyber risks and opportunities for fraud protection. And though the threats targeting data are not always new, criminals are introducing new ways to compromise our networks. That means your response to the changing cybersecurity landscape should also be changing—it’s time to embrace innovative frameworks for cyber protection. 

3 Cybersecurity Threats You Should Know

The best way to protect your financial institution is to understand the cyber threats you’re facing: 

  1. Social Engineering/Phishing

    Social engineering is the art of tricking humans into revealing sensitive information. Because our generosity is often stronger than our cybersecurity savvy, hackers can utilize social engineering—especially phishing schemes—to compromise our machines, gain a foothold into our network and use this as a stronghold for later attacks.

  2. Data Theft

    Whether it’s stealing customer lists, confidential customer data and analytics, strategic plans or sensitive data of any other type, thieves have a large market for your financial institution’s data. And almost any hacker has the primary intention of selling your data to competitors, fellow criminals or even the black market.

  3. Reputational Damage

    Reputational damage is the greatest and most rapidly growing threat to financial institutions. That’s because most institutions, especially community banks, base their businesses on reputation. Whether it comes from advanced DDoS attacks that keep your website down for weeks at a time or from reputational smear campaigns, the damage done is often long-standing, even if the website resumes functionality and the allegations are proven false.

4 Proactive Measures You Can Take to Prevent Fraud  

Proper implementation of appropriate risk controls can greatly reduce a financial institution’s risk profile. Take these four proactive measures to help protect your bank from cyber attacks in 2016:

  1. Utilize the Cybersecurity Risk Assessment Tool

    If you’re not already using the Cybersecurity Risk Assessment Tool from the FFIEC, it should be near the top of your list. Use this tool to help identify your risk profile and the cyber-maturity of your financial institution.

  2. Provide Proper Training (Including the Board)

    Cybersecurity is more than an IT issue, so your training should go beyond IT personnel. The board and senior management—your decision makers—need to understand the reality, scope and impact of the risks you’re facing. Put an increased focus on board training because if the board doesn’t understand cyber threats, they’re not going to understand how to strategically plan for a cybersecurity incident.

    Start with the NACD Cyber-Risk Oversight Handbook—it’s a great introduction before on-site training takes place.

  3. Create a Cybersecurity Incident Response Plan

    If you haven’t integrated cybersecurity into your incident response plan and business continuity plan, you need to do that quickly to ensure your financial institution is prepared in the event of an attack. You should strongly consider purchasing cyber insurance (a product used to protect businesses and individuals from Internet-based risks) for your financial institution. It’s not required by regulators yet—and it’s not right for all financial institutions—but it is right for most of them.

  4. Join the FS-ISAC

    Be sure that you are a member of FS-ISAC (Financial Services Information Sharing and Analysis Center). Federal regulators, as well as many state regulators, expect participation in this information-sharing network. But don’t join just to avoid regulatory scrutiny. There’s a lot of valuable information sharing coming out of this program.

Tackle Cybersecurity with Educated Risk Strategies

Looking ahead at cybersecurity concerns, the risk landscape is changing rapidly. Financial institutions need to be prepared to keep pace by adjusting their risk strategies in response to regulation and cyber risks. That means adopting a mix of technologies and best practices to help mitigate risk and protect your financial institution, both today and into the future.  


Steve Sanders, CSI vice president of Internal Audit, oversees the evaluation of risks associated with IT, financial and operational systems. He recently presented this information in CSI’s Banking Unleashed webinar series, and he has a strong knowledge of cybersecurity and privacy, accompanied by an educational background in computer security and data protection.