The Bedel Security Blog

It's a Bad Time for a Cyber Breach

Written by Chris Bedel | Mar 27, 2020


The Finastra ransomware attack from last week reminded us all of that. 

The reality is that the overall inherent risk of a data breach or ransomware attack has gone up substantially over the last couple weeks for all financial institutions.

The hackers aren't taking a vacation right now.  If there was a time for them to really hit us hard, it would be right now.

We all need to be aware of this to make sure we don't let up on good information security practices. Even if letting up seems convenient in times like these, it's exactly the opposite of what we need to do.

Risk is a product of impact and likelihood, and if you think of the circumstances right now, both the impact and likelihood have increased.

The impact is increased because who, in the midst of all that they're taking care of right now, has time for incident response?  No one does.

The likelihood is increased for a number of reasons:

  • A number of financial institutions that have never offered remote access before have opened it up to employees who have never used it before.
  • Because of social distancing, we're seeing financial institutions going to job rotations, which may be putting people in jobs that they don't regularly do.
  • People are using tools that they've never used before, which means they're getting emails they've never seen before, which means they're clicking on things that they've never seen before.
  • And just the overall chaos of the world we live in right now increases the likelihood that someone may not be thinking as clearly as they normally would.

So even though Information Security may seem like an inconvenience right now, it is as important as ever for your financial institution.

So, what can you do?

  • Make sure you're training your people on any new technologies that they're using in this time.
  • Make sure your staff feel supported with the new technology, new workspaces, and new world they're in. Let them know that it's okay to have questions. Let them know that it's okay to ask before they click on something. Create a healthy culture of security.
  • Increase your social engineering testing and training routine. Now is not the time to back off on this. Your staff need to be more aware than ever. Keep sending them simulated phishing emails on a regular basis (at least monthly) and consider going to weekly video or email reminders. Keep your people fresh on the threats that are coming their way.
  • Continue to risk assess your technology changes. A big one right now is implementation of VPNs or other remote access. Another is opening up access to cloud portals. Remote working is a great strategy for your pandemic plan, but you have to be secure. Make sure the controls are in place.
  • Check your incident response plan. Is it pandemic ready?  What if key people are missing from it?  Do others know how to fill in?
  • And lastly, remind everyone before they do anything, if it feels a little out of the norm, to take a deep breath… pause… and think about what they're doing for just a couple seconds.

The longer this pandemic goes on, the greater our exposure to many of these factors. Security breaches right now in banks and credit unions would not only impact the institution but also hurt the community in which they take place. Let’s all do what we can to be vigilant, for everyone.

It's in times like these that we have to help each other out and we are here if you need it.

If, while you're reading this email, you're sitting there wishing you had established a testing and training program for your staff a long time ago, it's never too late. If you want help, send me an email. I’ll walk you through getting set up on KnowBe4.

Or if you’ve implemented technology that you’re not sure you’ve properly assessed, take the time now to do so.  If you’re not sure where to start, send me an email.  I’ll walk you through your remote access risk assessment.

And if thinking about cybersecurity in a crisis like this seems too overwhelming and you just don’t have the time for it, then you really should send me an email.  I’ll show you how you can get help managing your information security program that will continue working even in times like these.

Chris Bedel
chris@bedelsecurity.com 

 


Other Resources:

Remote Access Risk Assessment
https://www.bedelsecurity.com/lp-remoteriskassessment 

Pandemic Planning
https://www.bedelsecurity.com/blog/pandemic-planning

Remote Work Security
https://www.bedelsecurity.com/blog/remote-work-security

Update: What We're Seeing From the COVID-19 Pandemic Planning Front
https://www.bedelsecurity.com/blog/update-what-were-seeing-from-the-covid-19-pandemic-planning-front