OFFICIAL PUBLICATION OF THE MISSOURI INDEPENDENT BANKERS ASSOCIATION

Pub. 1 2021 Issue 2

Cybersecurity

Why Cybersecurity Keeps Me Up at Night (And How We Can All Get Back to Sleep)

Let’s talk about cybersecurity.

Wait! Come back! I know what you’re thinking: “It’s always cybersecurity with these I.T. guys! Don’t they have anything else to talk about?”

It’s true. Those of us in I.T. talk about cybersecurity a lot. We think about it a lot. We worry about it a lot. Cybersecurity keeps us up at night — sometimes literally, when there are patches to be installed or urgent vulnerabilities to be addressed.

Hopefully, it is eye-opening to you that we are still talking about security even after all this time. And hopefully, that impresses upon you just what high-priority security should be when it comes to your technology. This is us trying to call attention to an issue so important that it often precludes talking about the I.T. topics we’d prefer to be getting into.
In truth, if cybersecurity keeps me up at night in worry, I.T. strategy keeps me up at night in excitement. That’s what I want to talk about; I’d love to get into all the ways technology can make your bank more productive, dynamic and competitive. But getting into that without first making sure that your systems are safe would be jumping the gun because having a secure, stable technology environment is what buys you the opportunity to invest in I.T. strategy.

2020’s Other Big Story Was Cybercrime

Look, given everything that happened last year, you can be forgiven if you missed the news about the increase in cybercrime. That’s a big part of what we “I.T. guys” are here for — to take care of cybersecurity so that you can focus your attention on other things. But you should be aware of the data and trends in general, if only so that when it comes to planning and budgeting to protect your bank, you are aware of just how dangerous things have become and just how critical it is to invest in security.

Just a few of the stats that are keeping my eyes open at three in the morning:

  • There were more cyberattacks in the first half of 2020 than in all of 2019. (Crowdstrike)
  • The number of cyberattacks grew again from July to August 2020 by 30%. (SDC Executive)
  • On average, only 5% of most companies’ files are properly protected. (Varonis)
  • Data breaches exposed 36 billion records in the first half of 2020. (RiskBased Security)
  • The average time to identify a breach in 2020 was 207 days. (IBM)
  • The average lifecycle of a breach was 280 days from identification to containment. (IBM)
  • The average ransomware payment rose by 33% in 2020 to $111,605. (Fintech News)
  • 65% of attackers used spear-phishing as the primary means of infection. (Symantec)
  • 95% of cybersecurity breaches are caused by human error. (Cybint)
  • More than 77% of organizations do not have an incident response plan. (Cybint)
  • There were 3,932 data breaches in 2020, more than double the 1,506 breaches of 2019. (RiskBased Security)

Need I go on? Because sadly, I could.

How about a few statistics specific to banking, just for fun (you know, since we all get a kick out of panic-inducing data)?

  • The average financial services employees have access to nearly 11 million files from the first day on the job. (Varonis)
  • It takes an average of 233 days to detect and contain a data breach in banking. (Varonis)
  • The average cost of a financial services breach is $5.85 million. (Varonis)

While we’re on the topic of nightmares, let’s talk a bit about the effect that the COVID-19 pandemic had on cybercrime.

  • Since the beginning of the pandemic, the FBI reported a 300% increase in cybercrimes. (IMC Grupo)
  • The increase in cyberattacks targeting banks in 2020 was 238%. (Fintech News)
  • Cloud-based cyberattacks rose 630% in Q1 2020. (Fintech News)
  • Remote work has increased the average cost of a data breach by $137,000. (IBM)

These statistics make it clear that the bad guys are relentless when working to find a way into your network. Just as with so many other things that changed in 2020, there will be no going back. Cybercrime is a rising concern, and that trend will continue to move upward.

Getting Back to Sleep

So, what can you do to increase your bank’s security posture and take the upper hand in the battle
against cybercrime?

Some cybersecurity solutions are more easily and quickly implemented than others. Still, it is important to note that every security component, large or small, plays a vital part in keeping you safe. Think of cybersecurity as made up of individual bricks in a wall. Any missing brick leaves a gap that might allow something to slip through. Yet every additional brick you add does not stand alone and strengthens the surrounding pieces of the wall.

If you have yet to do so, implement two-factor authentication (2FA) and a password management policy throughout your bank. (I know, I know, the only phrase you hear more often than “cybersecurity” from us I.T. guys is “better passwords!” But there are few things you can do that are easier yet will have such a large impact.) Explain the heightened risks to your employees and start ongoing end-user security training to keep everyone in the company sharp and up to date on recognizing suspicious activity and threats.

Pair these initial actions with an evaluation of your current security plan. Talk to your provider about how patching and updates are executed on your systems, as well as monitoring alerts and unexpected behavior across your network. Then go deeper and discuss what happens should a breach of any sort occur. Talk about immutable backups and a technology restoration and continuity plan. Look into your cyber-insurance policy and make sure that it is aligned with the risk your bank is willing to accept as well as your current revenue. You may also want to consider developing an emergency customer communications plan in the event of a data breach.

Most importantly, don’t let up. The cybercrime syndicates that are out there will keep pushing to find a way into your network; you must keep pushing back. The bright side is that there are also plenty of good guys ready to work just as diligently to keep you safe. Better security is possible, and with the right planning and effort, you can make your bank a more difficult and less desirable target and regain some of the peace of mind that leads to a good night’s sleep

Questions? Contact Brad Prost at 417-837-4855 and bprost@jmark.com.