Increase in Cyberattacks Continues into the New Year
Last year saw an alarming rise in high-profile cyberattacks. In January 2021, authorities and institutions were still unraveling the foreign hacking of the Texas IT firm SolarWinds that had first been reported in December 2020, a breach that exposed critical data from both private companies and government entities (the Treasury Department). That news set the tone for the months ahead, as cybercriminals took down the country’s largest fuel pipeline by compromising computerized infrastructure equipment at Colonial Pipeline in May, and then in July, incapacitated as many as 1,500 organizations in a ransomware attack on MSP software provider Kaseya.
Just before Christmas 2021, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) announced that serious vulnerabilities had been detected in the widely used Java-based software known as Log4j, sending the entire online community into a virtual panic. And with people still working remotely from home and outside offices, there’s no reason to believe these online threats won’t continue or even increase in the coming year.
But an important thing to remember is: For every one of these attacks that makes the morning headlines and the nightly news, there are a growing number of attacks that occur every day — and exponentially more unsuccessful attempts to find holes and compromise the online security for everything from infrastructure to supply chain to financial institutions. “Corporate networks are being targeted on a daily basis,” says Jason Dutchak, Director for BankOnIT. “What’s important is that you are diligent about preventing these events and having solid plans for the worst-case scenarios.”
For BankOnIT, this starts from the beginning, with network design – both ours and that of each one of our clients. BankOnIT incorporates cybersecurity into everything we do. “Cybersecurity is not something you can bolt on,” says Dutchak, “it has to be intentionally designed and incorporated at every level.” It’s this intentional design that provides the financial institutions we serve with the reliability, security, and regulatory compliance they require.
Many times, a “trial and error” or “learn on the job” approach is taken with technology. While that may be fine for industries that are not mission-critical and have less regulatory oversight, it can be a risky and costly approach for financial institutions. “One analogy that comes to mind is commercial aviation in the United States,” says Dutchak. “The safety record of commercial airlines in the United States has improved dramatically over the past 50 years and is unmatched anywhere else in the world. In large part, processes, systems, and regulations are responsible.” Whether it is the mechanic, the pilot, the flight attendant, or air traffic control, each individual is applying a consistent and proven process for each flight. Any changes are well thought out, tested, and reviewed prior to implementation. BankOnIT uses a similar approach to ensure a consistently desirable outcome for client institutions.
Here are some steps you can take to protect your business and your clients:
- Educate your employees: Many incidents occur because of a leaked password or some other type of human error. Talk to your employees and help them understand the importance of safeguarding their network logins, their devices, and any non-public personal information (NPPI) they might have.
- Implement Multi-Factor Authentication (MFA): MFA is now the gold standard in every industry when it comes to authentication. It uses more than simply a password and incorporates activation codes, biometric scans, tokens, or apps on secondary devices like cell phones or tablets that require approval to be granted when logging in.
- Review access: Employees, vendors, and customers all have access to various network components. Determine that access is granted based upon a business need and review access as those needs change.
- Assess access for risk: Once it is determined who has access and what they have access to, perform a risk assessment and determine if Multi-Factor Authentication (MFA) should be a requirement.
- Stay up to date on regulations: In response to the increased number of cyberattacks and technology threats, regulators are releasing more directives related to technology and cybersecurity than ever before. Keeping yourself up to date and working with vendors that are staying ahead of the curve for regulatory matters will help you get better results.
It’s clear as we enter 2022 that cyberattacks will continue and likely with more frequency and sophistication. But the most important thing to remember is not to panic. Just as cybercriminals are evolving, so too are the tools and expertise employed to stop them and bring them to justice. BankOnIT is constantly monitoring, building defenses, and countering attacks so that you can focus on the business of banking. Working together, let’s make this year a prosperous and safe one.