According to Kaspersky Lab, remote desktop protocol (RDP) attacks grew by 800% last March and April. Barracuda Networks reported a 667% increase in email scams in half that time. Indeed, cyber criminals did not relent throughout 2020, attacking individuals, businesses and even governmental agencies in ways that were only theoretical a year ago—creating a stronger need for cybersecurity.
As customers embrace digital channels, and more employees work remotely, cyber criminals take advantage of increased exposure—leading to cybersecurity challenges during this transitional time.
Naturally, cybersecurity readiness must take center stage as digital channels prevail. In fact, in CSI’s 2021 Banking Priorities Executive Survey, bankers ranked cybersecurity as the most pressing issue this year, beating out evolving customer expectations and regulatory change.
But how do you continue to strengthen your cybersecurity posture in an evolving landscape?
Although the future will always hold uncertainty, there are key areas your institution should prioritize to enhance your defenses, such as strengthening your cybersecurity strategy, deploying effective cyber training, and better applying safeguards like multi-factor authentication.
Reassess Your Cybersecurity Strategy and Framework
The basic cybersecurity principle of evaluating and shoring up defenses hasn’t changed. But an effective strategy must consider significant shifts in technology, personnel and workflows. Over the past year, your situation and risk level have probably changed.
An effective cybersecurity framework sets you up for success by helping you identify strengths and weaknesses in your overall posture. As the beginning of your strategy, a framework provides the best insight into your security position and helps you develop future plans. Maintaining a robust cybersecurity framework requires intention and ongoing evaluation.
Try to get an honest perspective of your institution. Have your security posture or controls changed? How have you addressed these changes? Is your risk assessment still accurate?
Budgets are often constrained, so in determining changes, evaluate that area as well. Does your framework still align with your budget and goals? Using your framework and board-approved risk tolerance, you can gain a better view of any cybersecurity deficiencies.
Prepare Your People the Right Way
In CSI’s survey, 85% of banking executives said they’re planning to deploy additional training for employees, customers and board members to improve cybersecurity. That inclination is wise, as 80% of respondents identified some form of social engineering as the top security threat.
However, training must transcend the cybersecurity messages that so often become white noise. Effective training establishes for all participants how and why systems are secured and how each individual contributes to their security.
Robust security training must be go beyond conventional computerized quizzes and explain the real risks. For instance, gamification can go a long way toward incentivizing cyber awareness. Appointing cybersecurity ambassadors also empowers your staff to take ownership of cybersecurity and motivate coworkers to do their part.
And dynamic training should not stop at frontline staff. IT and Information Security personnel need even more training to better secure your organization. Also, educate senior management and your board of directors so they fully understand the risks involved. Board members familiar with cybersecurity and information technology can translate technical aspects of cybersecurity into a larger business conversation.
In addition, banks should highly prioritize controlling and taking inventory of devices. When you impose too few security checks, or employees use personal devices, your risk grows.
Additional Tips and Technology Controls
In this continually changing environment, innovations and challenges are sure to arise. Consider where you stand on the following opportunities for improvement:
- Data – Only grant access to data on a need-to-know basis. Utilize encryption for sensitive or confidential data.
- Dataflow Diagram – Review your data transmission, storage and security.
- Multi-Factor Authentication (MFA) – Rethink your password strategy to effectively use MFA.
- Cloud Security – Develop a strategy for cloud, as its use will only increase.
- Work from Home Security – Implement measures to ensure the same standard of security at home as in the office.
Remember, in the effort to enhance your cybersecurity, you are not alone. Other professionals in your social network can share their challenges and solutions to help you become cyber secure. And outsourcing guidance and assessments from cybersecurity experts will further strengthen your internal efforts.
To learn more about cybersecurity and a host of other topics that will drive the industry in 2021, read CSI’s 2021 Banking Priorities Executive Report.