In a recent blog post, we discussed how digital attacks against banks, credit unions, and other financial institutions increased in the wake of the COVID-19 pandemic. We also noted that the cost of data breaches for those organizations increased during the same period. This raises the following question: how can organizations in the financial sector shore up their cybersecurity?
We answered that question by assembling 10 organizations, books, and podcast episodes that provide financial institutions with cybersecurity resources. You can learn more below.
NCU-ISAO
Created in 2016 at the Kennedy Space Center, the National Credit Union Information Sharing & Analysis Organization (NCU-ISAO) advances the mission of advancing cyber resilience at credit unions. It does this by seeking to supply credit unions with proactive threat intelligence of vulnerabilities, fraud campaigns, and attacks confronting their business. Additionally, credit union members of NCU-ISAO gain access to a global information-sharing network as well as tools, resources, and templates that they can use to raise their employees’ awareness and address emerging threats on a timely basis.
Financial Cybersecurity Risk Management
Published in 2018, “Financial Cybersecurity Risk Management: Leadership Perspectives and Guidance for Systems and Institutions” guides readers through the dynamic interconnections that make financial institutions susceptible to vulnerabilities and other digital threats. It then goes over risk assessment practices and governance perspectives that decision-makers and security professionals can use to respond to those risks. The book’s authors also include information that individuals can use to identify operational challenges to their organization’s cybersecurity programs and to take relevant regulatory standards into account.
FS-ISAC
The Financial Services Information Sharing and Analysis Center (FS-ISAC) is a global threat intelligence sharing community that serves financial institutions. With its headquarters in the United States as well as offices in the United Kingdom and Singapore, FS-ISAC provides member organizations with resources that they can use to advance their cybersecurity. Some of those resources take a regional focus, for instance, while others provide a cybersecurity overview for all members. Others still discuss how financial organizations can respond to certain developments such as the growing ransomware threat and changes introduced by COVID.
Cybersecurity and the CFO
In 2015, the Financial Executive Podcast used “Cybersecurity and the CFO” as the theme for one of its episodes. That edition features John Stark, former chief of the Internet Enforcement Division of Enforcement of the U.S. Securities and Exchange Commission (SEC) and president of John Reed Stark Consulting LLC. Stark discusses how chief financial officers (CFOs) and other financial executives can respond to news of a data breach at their organization, as noted by Financial Executives International (FEI).
SIFMA
The Securities Industry and Financial Markets Association (SIFMA) is a trade organization for broker-dealers, investment bankers, and asset managers. The organization has created several resources that SIFMA member firms can use to increase their cybersecurity. One resource includes best practices that organizations can use to create an effective program for mitigating the risks associated with insider threats. Other resources include guidance around hosting tabletop exercises and leveraging cyber insurance.
Cybersecurity: Threats to the Financial Sector
“Cybersecurity: Threats to the Financial Sector” replicates a hearing of the U.S. Subcommittee on Financial Institutions and Consumer Credit on September 14, 2011. The hearing discusses the types of vulnerabilities and technological advances that have enabled malicious actors to carry out attacks against financial institutions in the United States. It also emphasizes the importance of financial institutions sharing information with other organizations in the sector and with law enforcement agencies to bolster financial cybersecurity.
FDIC
An independent agency created by Congress, the Federal Deposit Insurance Corporation (FDIC) adheres to the mission of maintaining the stability of public confidence in the nation’s financial system. Part of this objective involves supervising consumer protection and institutions’ safety against cybersecurity threats. Towards that end, FDIC has created a resource page where financial organizations can find best practices concerning ransomware, security awareness, and other relevant topics. The resources page also includes a Framework for Cybersecurity that discusses some of the actions that federal banking agencies have taken to address digital threats.
Cybersecurity and Financial Stability
Susan Hennessey, the executive editor of Lawfare, sat down for a chat with three senior research scholars from Columbia’s School of International and Public Affairs back in October 2018. The Lawfare Podcast shared their discussion under the title “Cybersecurity and Financial Stability” The episode brings into focus what might happen if malicious actors directed their attention to undermining the stability of the U.S. financial system.
FFIEC
Created in pursuance of the Financial Institutions Regulatory and Interest Rate Control Act of 1978 (FIRA), the Federal Financial Institutions Examination Council (FFIEC) prescribes standards, report forms, and principles that promote unfirm supervision of financial institutions. Some of those principles pertain to how financial organizations can uphold their cybersecurity. Towards that end, FFIEC compiled a list of organizations such as FDIC, the FBI’s Internet Crime Complaint Center (IC3), and the Center for Internet Center (CIS) that can help financial institutions learn more about cybersecurity best practices.
FinCEN
The Financial Crimes Enforcement Network (FinCEN) is a bureau of the U.S. Department of Treasury that’s tasked with safeguarding the U.S. financial system against instances of illicit use and money laundering. This mission motivated FinCEN to create a page where it releases advisories, fact sheets, and other information about cybersecurity threats. Those resources include information on how ransomware threatens the financial sector and the extent to which malicious actors have sought to target COVID-19 economic impact payments for fraud.
Where ITEGRITI Comes In
Not all financial institutions have the internal expertise to implement cybersecurity best practices and guidance. Fortunately, they don’t have to go it alone. They can work with ITEGRITI to build a stronger cybersecurity posture. Learn more here.
