Cyber Security RESOURCES

Financial institutions are facing an alarming rise in sophisticated cyber fraud, often overlooked due to siloed operations among departments. To address this, FS-ISAC has published “Leveling Up: A Cyber Fraud Prevention Framework for Financial Services,” which offers a structured approach to improve coordination, enhance investigations, and prevent losses. Here’s a brief overview of its contents and how DefenseStorm can help implement this vision.

With recruiters using LinkedIn as a very popular way to research and reach out to potential candidates, bad actors have begun to try to abuse people’s trust and desire for new challenges to lure them in with fake job opportunities as a way capture their credentials and deliver additional malware.

The IRS has already made several reminders for individuals to be aware of bad actors trying to take advantage of this season to gain access to your personal data and finances. Read tips and guidance taken directly from the IRS’ website, including associated links to stay safe during tax season.

Take a minute and think about the password(s) you use in both your professional and personal capacities. When passwords are reused or weak, they are far more susceptible to being stolen. One stolen password can lead to a detrimental data breach for your organization.

To prepare for the FFIEC Cybersecurity Assessment Tool sunset date, financial institutions should identify a new framework around which to build their programs and self-assess themselves against that framework using a risk based approach to ascertain that the appropriate level of maturity is reached within various areas.

With the remote workforce not showing any signs of slowing down, many organizations are starting to evaluate and implement ways to access these systems through the usage of Remote Access Tools. While these tools provide an incredible amount of value to an organization to stay connected and retain access, Remote Access Tools are a significant attack vector in cybersecurity and are something that should not be taken lightly.

Announcing the NEW GRID Active Cyber Risk Readiness Action Dashboard.  The additions to DefenseStorm’s Cyber Security Risk Management platform delivers customers with an overview and actionable steps to stay ready against cyber attacks

The Federal Financial Institutions Examination Council (FFIEC) released important information surrounding the commonly used Cybersecurity Assessment Tool (CAT).

GRID Active now offers customer a view into their state of Cyber Risk Readiness and demonstrates the positive impact an integrated cyber risk management platform can have in managing cyber risk.

With a resolute effort to unite against the threat of cyber fraud, Fraud Fusion Centers are being embraced across all industries to effectively combat cyber fraud.

Cybersecurity risk management is a critical component of risk for banks and credit unions and by taking a proactive approach to risk, you can identify, mitigate, and even prevent risk before it’s too late. Learn how DefenseStorm’s built for banking approach can help you tackle cybersecurity risk and keep your institution cyber risk ready.

The Olympic Games begin July 26, 2024, and end August 11, 2024. I, like most people around the globe, will be watching and cheering on our nation’s athletes as they achieve their goals and live out their Olympic dreams. Unlike most of the audience, though, I will also be thinking about the unseen but expected threats and attacks that will be occurring from cybercriminals and bad threat actors taking advantage of such a major event.

A proposed rule from the Federal Deposit Insurance Corporation (FDIC) will establish new regulatory standards and increase the focus of cybersecurity risk management and governance while bringing an expectation of faster response times and real-time remediation of deficiencies.

DefenseStorm has updated its Account Takeover Fraud Prevention further enhancing its capabilities as a powerful cyber risk management solution.  Organizations can now join the Community Watchlists within Account Takeover Fraud Prevention, where they not only receive alerts of new threats, but can add a threat to the watchlist directly from the Alert view.

NIST’s Cybersecurity Framework (CSF) is designed to help institutions of all sizes and sophistication levels manage and reduce their unique cybersecurity risks. With the release of CSF 2.0, the guidance provided by NIST has expanded the practice and controls that institutions can use to best understand, assess, prioritize, and communicate its cybersecurity efforts.

Cyber scams and election season just go together, and as election season begins to ramp up, so will cyber scams and the variety of tactics that bad actors will deploy in the attempt to obtain your personal information.

Banking trojans continue to evolve and succeed due to their ability to persist, bypass security, and evade detection on mobile devices. As investment from fast-moving threat actors continues to increase, traditional security practices are unable to keep up.

DefenseStorm has made a cyber security software update to our GRID Active Governance Program with new functionalities, further enhancing its capabilities as a powerful cyber risk management solution.  Organizations now can link dashboards to task schedules for scheduling and documenting report reviews.

DefenseStorm’s cyber risk assessment solution has recently been updated with new functionalities, further enhancing its capabilities as a powerful cyber risk management solution with GRID Active Risk Assessment Exceptions.

Keeping up with cyber security alerts is important and Apple just rolled out a new default feature for iPhone and Apple watch that allows nearby users to share contact information with one another. This feature has sparked some concern in online social communities and even prompted law enforcement agencies to release statements and privacy warnings over the last few days due to the concern that people could “drop” information on another user’s phone at random, which seems scary.

GRID Active Fraud Prevention is powered by machine learning and helps financial institutions to proactively detect fraud and monitor suspicious non-monetary activities, complementing rules-based approaches to detect fraudulent activities.

SIM Swapping is nothing new and if you stay up to date with cybersecurity news and events, you are likely bombarded with technical analysis of the latest in ransomware, malware, dropper, trojan, or vulnerability that was exploited by bypassing controls and using “living off the land” techniques. 

While these tactics, techniques, and analyses are incredibly important and useful, we can often forget that it’s sometimes the simple, age-old ways of getting your information and property that can also harm us.

As fraud prevention in banking continues to be crucial in today’s digital landscape, it’s imperative for fraud investigators to utilize efficient tools that empower and support their investigative work.  The current Trigger and Alert views have been strategically modified to enhance the service provided to fraud investigators where they can now see relevant information that is intuitive to their role.

In our final entry into our series, The Impact of AI on Cybersecurity, we will explore how DefenseStorm utilizes AI in our own built-for-banking technology.

Innovations in technology and security are top of mind for banks and credit unions, and when it comes to firewall security, it is critical to strengthen the weakest link in your cybersecurity efforts. As cyber risks evolve, institutions of all asset sizes must prioritize and invest in strengthening cybersecurity efforts.

In Part 2 of our series – the Impact of AI on Cybersecrity – we will take a look at the the role of AI in financial services. The industry has been pushed to be more dynamic to meet the demands of customers, regulatory requirements, and security threats, and remain competitive while safeguarding customer data and assets.

Business email compromise (BEC) is a type of cyberattack that usually occurs through some type of social engineering campaign where the criminals assume the identity of a trusted person or organization and attempt to influence their victims into providing money through transfers or other digital payments, divulging personal information, making phony purchases, providing credentials to accounts, etc