The Biden administration has issued one of the most wide-reaching orders mandating that most federal agencies must patch hundreds of cybersecurity vulnerabilities considered major risks for damaging intrusions into government computer systems. What does this mean for your financial institution?
The Biden administration has issued one of the most wide-reaching orders mandating most federal agencies to patch hundreds of cybersecurity vulnerabilities considered major risks for damaging intrusions including data breaches or compromise of government computer systems.
Specifically, “Organizations of all sizes, including the federal government, must protect against malicious cyber actors who seek to infiltrate our systems, compromise our data, and endanger American lives,” DHS Secretary Alejandro Mayorkas said in a statement alongside the directive. The new order “requires federal civilian departments and agencies to protect against critical known vulnerabilities, which will reduce the risk of malicious intrusion and increase our collective cybersecurity.”
What this boils down to is federal institutions, banks, credit unions and fintechs nationwide must find ways to comply with these new cybersecurity standards and mandates. But how? What if you are already behind the 8 ball? What can be done not only to improve but catch up?
Maintaining compliance in the face of complex and ever-changing regulatory requirements can be overwhelming, particularly when we’re facing a severe global shortage of qualified cyber security staff and a highly competitive marketplace for knowledgeable, skilled and properly credentialed experts.
This executive order should be viewed as a model for all companies to not only aspire to but follow. It’s not enough to look the other way or think, “it won’t happen to me,” or “I’m too small for an attacker to target.”
Any organization with data can be the target of an attack.
Although the Biden administration order is for government organizations and companies it works with, the statement is intended to raise standards on cybersecurity governance, regardless of company sector or size. It’s a positive step toward creating a more unified cybersecurity infrastructure that addresses security, threat detection and response mitigation, among other things.
Some of the more recent, well-known attacks against SolarWinds, Kaseya and Hafnium with Microsoft Exchange infrastructure show no vertical is excluded from threat actors. The need for cybersecurity measures has never been greater as cyber attackers have no boundaries and will use any means to gain access to sensitive data.
As previously mentioned, cybersecurity specialists are hard to come by. The 2021 ISC2 Cybersecurity Workforce Study reported an approximate 4.19 million professionals worked in cybersecurity worldwide, but another 2.72 million trained workers would be needed to help defend organizations from attack and to close the skills gap. Community banks and credit unions in rural areas, in particular, struggle to attract IT and security professionals since most seek higher pay and the experience working for big names like Amazon, Google and Microsoft.
In the financial sector alone, cyberattacks are up 238% and rising. These attacks occurred from early February 2020 to the end of April 2020. More recently, Trend Micro found the banking industry experienced a 1,318% year-on-year increase in ransomware attacks during the first half of 2021.
It’s easy to understand why financial services companies are heavily targeted since they have sensitive data, including financial information on consumers, businesses, and government entities. Financial institutions like yours offer various avenues for cybercriminals to profit through data or monetary theft, extortion, and fraud.
And while the new government mandate, at first glance, might seem an insurmountable challenge to all but the big corporations, it isn’t – it’s an opportunity to shore up security and thwart cyberattacks and data breaches.
Financial institutions everywhere already abide by considerable cybersecurity, privacy and information security requirements. Further, many have adopted the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework as their main cyber risk management tool. But financial institutions that haven’t met those standards could take the order as an impetus to do so and improve their cybersecurity posture and make improvements in the maturity of their risk management program.
Perhaps, too, federal institutions will view the order as a reason to enact zero-trust policies, procedures, and the relevant technologies. The executive order mandates executive branch agencies to create zero-trust environments.
The zero-trust concept was developed to protect businesses against current and future security threats and assumes that no person, device, or service should be trusted, whether inside or outside the network. The zero-trust architecture requires strict, network-wide user/device authentication and authorization and limits access to only those resources necessary to perform their job function. This method reduces the chance for hackers to move through networks by limiting their privileges and access to restricted systems.
Whether your bank, credit union or fintech adopts a zero-trust model or not, it’s wise to consider the following these best practices to increase cybersecurity:
The current administration has prioritized cybersecurity as a national security threat. The mandate aside, cybersecurity should be a priority for everyone and every business.
Financial organizations failing to address cybersecurity could face major damage that includes monetary loss, legal consequences, and reputational damage – leading to a loss of customers.
Keep in mind, financial institutions face more than 70 million cyber events a day. And most small- to midsized financial institutions simply don’t have the staff to manage the volume of incidents that can be generated by these events, particularly those occurring after hours.
DefenseStorm can help. Our Cybersecurity platform leverages human interaction with machine learning to ensure you are threat-ready and secure. We consolidate security data from all sources – without volume limits – providing real-time visibility into your entire network. We eliminate false positives and prioritize events enabling you to hone in on the threats that matter the most.
Look to us to become an extension of your own information security team – one that keeps your financial institution and all the data you hold safe and secure.