A Road Forward: Cybersecurity Trends and Challenges for Credit Unions Post-Pandemic
SILVERSKY PROPRIETARY AND CONFIDENTIAL
HOUSEKEEPING
This session is being recorded.
The recording and slides will be emailed to all registrants.
Please submit your questions into the Q&A box.
MEET YOUR SPEAKERS
JOHN DEVENYNS
Senior Sales Engineer
ANUSHA PARISUTHAM
Head of Product, Email Security and Cloud Email
GERRIT BOELE
Senior Sales Engineer
VALERIE MOSS
Senior Director of Compliance Analysis
POLL TIME
Road Forward
The increasing sophistication of cyber criminals
Cybercrime’s Industrial Revolution
• In recent years, cybercrime has undergone a profound process of modernization and innovation
• The cybercrime industry has its own service economy, complete with solution providers, tools for hire and end users
• Commitment amongst criminals to adjust business practices to scale their operations and meet customer needs
• Anyone, from novices to veteran cybercrime gangs, can buy the tools and expertise to launch malicious campaigns against targets with ease
Increased Frequency of Attacks
We typically see a let-up in the number of attacks at the beginning of the year.
• 2020 didn’t see this lull in activity – in fact, activity increased
• Attacks focused on hot topics – pandemic, stimulus checks (over 1.2 million COVID/Corona related domains registered)
• Exploit Situational Social Topics
• Future attacks will do the same
Marketplace for Threats
350,000 new malware instances created daily
• Easy access to threats on the dark web
• 25 different shadow trading platforms
• 10,000 ads for malware, stolen data and hacking services
• Nation-state TTPs are filtering through sophisticated hackers to the masses
Source: AVTest
Increasing Sophistication
Attacks once considered advanced are now commonplace:
• Polymorphic malware
• Supply chain attacks
• Code compression packers
• File-less malware
Victims are highly targeted:
• Job roles that perform specific functions
• Extensive research and reconnaissance
• Multi-phased attacks
Targeted Vulnerabilities – Disrupted Workforce
• Disruption from pandemic has many people working from home.
• No longer protected in the corporate bunker sitting behind a carefully managed firewall with other network protections
• Users are on their own networks, leaving companies exposed.
• Lack of control over users’ home security and connected devices
• Lack of collaboration with other team members on cyber threats
Preparing to Expect the Unexpected
The pandemic has fundamentally changed our lives. Some industries have been irreversibly altered!
• Enable Resilience
• Business Processes
• People
  • Employee Behaviors
  • Customer Behaviors
• Infrastructure
Building Resilience - Business Processes
• What did history teach us?
  • Prior to Sept 11 attacks
  • Post Sept 11 attacks
  • Pandemic – The Great Lockdown
• Revisit your new business processes
• Update your Business Continuity Plans (BCP) (based on the new way of doing business)
• BCP should continuously improve and evolve
• Look through the cybersecurity and compliance lens
  • Regulations and frameworks will evolve
  • Work with security and compliance partners
Building Resilience – People and Infrastructure
People
• Continuously engage your employees
• Best practices training
• Establish a forum for feedback
• Security and Compliance training
• Engage your customers
Infrastructure
• Are new infrastructure/applications secure?
• Is your communication/network traffic secure?
• Innovate based on evolved customer behaviors; build security into innovation
Prevention VS. Detection
“Adopting detection techniques rather than focusing solely on prevention”
- Gerrit Boele
Common Strategies for Prevention & Detection
[Figure: Prevent / Detect diagram. Labels: Budget, Maturity, Exposure, Pain, Business Inertia, Compliance and Regulation]
Detection Grows with Maturity
• It is the ears of the IT estate
• Layering detection technologies gives “Security Professionals” the ability to assign criticality to incidents.
• IT estates are no longer a perimeter discussion
• Compliance and regulation are increasing the need to understand your IT estate
Detection in a Scenario
[Figure: attack chain with detection points]
Attack steps:
• A user clicks a bad link
• The link installed an executable script
• The script created a user admin account
• Account is used to escalate privileges to domain level
• Criminal crawls the estate to send data
• Objective complete
Detection points:
• IDPS would alert
• EDR would identify (shown twice)
• SIEM threat correlation identifies outbound IPs
Outcome: Threat stopped or logged and techniques adjusted for better threat coverage
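The scenario above, together with the earlier point that layered detection lets analysts assign criticality, can be sketched as a small correlation routine. This is an added example, not part of the presentation or of any SilverSky tooling; the alert fields, stage names, one-hour window and scoring thresholds are assumptions, and the sample alerts are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample alerts (not from the presentation).
# Fields: ISO timestamp, detection layer, host, scenario stage (assumed names).
ALERTS = [
    ("2021-03-01T09:00:05", "IDPS", "ws-17", "bad_link"),
    ("2021-03-01T09:00:40", "EDR", "ws-17", "script_executed"),
    ("2021-03-01T09:02:10", "EDR", "ws-17", "admin_account_created"),
    ("2021-03-01T09:20:00", "SIEM", "ws-17", "outbound_ip"),
    ("2021-03-01T11:00:00", "IDPS", "ws-42", "bad_link"),
    ("2021-03-01T15:30:00", "EDR", "ws-42", "script_executed"),
]
WINDOW = timedelta(hours=1)  # assumed correlation window


def correlate(alerts, window=WINDOW):
    """Group alerts per host; a gap longer than `window` starts a new incident."""
    incidents, open_by_host = [], {}
    for ts, layer, host, stage in sorted(alerts):
        when = datetime.fromisoformat(ts)
        inc = open_by_host.get(host)
        if inc is None or when - inc["last"] > window:
            inc = {"host": host, "last": when, "layers": set(), "stages": []}
            incidents.append(inc)
            open_by_host[host] = inc
        inc["last"] = when
        inc["layers"].add(layer)
        inc["stages"].append(stage)
    return incidents


def criticality(incident):
    """Assumed scoring: more independent layers agreeing means higher priority."""
    layers = len(incident["layers"])
    if layers >= 3:
        return "critical"
    if layers == 2 or "admin_account_created" in incident["stages"]:
        return "high"
    return "low"


def triage(alerts):
    """Return (host, criticality, stages) for each correlated incident."""
    return [(i["host"], criticality(i), i["stages"]) for i in correlate(alerts)]


if __name__ == "__main__":
    for host, level, stages in triage(ALERTS):
        print(f"{host}: {level} <- {', '.join(stages)}")
```

The two isolated hits on ws-42 stay low priority because they fall outside the window and come from a single layer each, while the ws-17 chain is raised to critical once IDPS, EDR and SIEM all report on the same host.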
Aligning the Stars
• Evaluate the controls of prevention and detection
  • Do they overlap? UTM serves a purpose
  • Is the cost worth the risk?
  • What is it preventing or detecting?
• Communicating the challenges
  • Make technical less technical when talking to leadership
  • Enable relationships across the business
  • Inventory and diagrams help highlight the needs
3rd Party Due Diligence & Compliance
Third Parties are a Constant in Business
Utilizing the skills of qualified third parties is an important avenue for some credit unions in expanding service offerings, increasing efficiencies and economies of scale, while managing processes and programs. -- NCUA
PROS
Time saving processes
Vendors are specialists
Accountable Party
Instant Maturity
Removes FTEs
CONS
Increased IT risk
Lack of Control
Less Visibility
Internal Skillsets
Requires FTEs
Basic Due Diligence Questions
• Define the corporate structure and ownership
• Evaluate the financial history and current condition
• Understand the vendor’s business model
• Gather service scope:
  • Security and data handling practices
  • Business continuity planning
  • Operations controls
  • Hiring/screening
• Evaluate reputation & relevant experience
Vendor Life Cycles
• Build a life cycle strategy
• Gather detailed due diligence records
• Contracting language is important
• Vendor documentation
• Vendor risk assessment
• Good communication
• Vendor termination (insurance)
[Figure: Vendor Life Cycle. Stages: Procurement; Risk and Due Diligence; Contracting; Onboarding; Contract & Risk Management; Terminating]
Red Flags
• Amazing sales pitch/ no substance
• Bleeding edge technology
• Doing business with relatives or friends
• Unanswered RFI/RFP questions
• One-sided agreements
• BETA products
• Too good to be true
• Inconsistent support
Communication is key when selecting a vendor, but beware of some of these issues when selecting a vendor for your organization.
Compliance Considerations
• NCUA expectations
• On-going threat environment
• Managing remote workers
• Virtual examinations
CUNA Disclaimer
Information provided in this presentation, including all materials, should not be construed as legal services, legal advice, or in any way establishing an attorney-client relationship.
Credit unions should contact their own legal counsel for advice. Information may have changed since this presentation was prepared. This information is intended to only be a summary and is not all inclusive.
NCUA Expectations
• NCUA expects credit unions to have the appropriate policies and procedures in place to anticipate, identify, and mitigate cybersecurity risks.
• Agency expectations can be found in Part 748 of NCUA regulations and the FFIEC IT Examination Handbooks.
• FFIEC’s cybersecurity assessment tool (CAT) can be used to help assess a CU’s level of preparedness.
• NCUA’s automated cybersecurity examination tool (ACET) in use since 2018
• NCUA is following an asset size-based exam schedule (from largest to smallest institutions), refreshing the cycle every 4 years.
COVID-19 Threat Environment
• Threats observed by the Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) include:
• Phishing, using the subject “coronavirus” or “COVID-19” as a lure;
• Malware distribution, using coronavirus- or COVID-19- themed lures;
• Registration of new domain names containing coronavirus or COVID-19-related wording; and
• Attacks against newly—and often rapidly—deployed remote access and teleworking infrastructure.
• CISA Alert (AA20-099A): COVID-19 Exploited by Malicious Cyber Actors (April 8, 2020)
Managing Remote Workers
• NCUA Risk Alert 20-RISK-01: Cybersecurity Considerations for Remote Work (April 2020)
• Remote employees should adhere to the CU’s information security- and privacy-related policies and procedures.
• Policies and procedures should prepare employees to:
• Prevent cyber-incidents (e.g., keep devices secure, update software regularly, implement session time outs and encryption of sensitive information, leverage firewall capabilities, increase wireless security as needed, etc.); and
• Respond to any incidents that do occur (e.g., disconnecting device(s) from Internet connectivity, preserving forensic evidence, reporting incident to IT, etc.)
Virtual Examinations
• NCUA Request for Information: “Strategies for Future Examination and Supervision Utilizing Digital Technology” (announced at the agency’s June Board meeting; comments due on or before August 31, 2020).
• Request for stakeholder input to improve the offsite examination process.
• RFI poses 36 questions for credit unions to provide feedback.
• NCUA will use submitted stakeholder responses to:
• Refine a strategy for leveraging technology in the future examination and supervision process;
• Determine how much onsite examination activity would still be required with an exam primarily conducted offsite; and
• Develop an implementation strategy that reduces burden while maintaining the agency’s ability to determine whether federally insured credit unions are operating safely and soundly and in compliance with applicable laws and regulations.
cuna.org/compliance
Compliance Confidence
CUNA Compliance Community
webinars & eschools
CompBlog
CUNA eGuide to Federal Laws & Regulations
CUNA RegTraC
CUNA vendor management compliance resources
SCHOOLS & CONFERENCES
CUNA Strategic Services
designations
enterprise risk management
QUESTIONS?