Alvin Mills

Alvin Mills
VP of Information, Technology & Security

Cybersecurity and politics

U.S. critical infrastructure faces advanced threats of disruptive or destructive cyber-attacks,” wrote the Department of Homeland Security. “Federal, state, local, tribal and territorial governments, as well as the private sector, will experience an array of cyber-enabled threats designed to access sensitive information, steal money and force ransom payments.”

It is hard not to be political in the most political year that I can ever remember but, honestly, I’m a little disappointed that we didn’t hear more references to cybersecurity heading up to the election. Maybe cyber is still considered too geeky for mainstream and we don’t like to hear or talk about a subject we don’t understand.

Yet, organizations continue to be told that cyber threats are the greatest risks to their businesses and operations. All I heard was a small reference to the administration asking the top cybersecurity experts to protect election systems from hackers, but I’m not sure how effective that has been considering most of the votes were by mail-in ballots.

Let us go back to May 2017 when President Trump signed Executive Order 13800, which was written to strengthen the cybersecurity of federal networks and critical infrastructure. I applaud the administration for putting the words in a policy. From the executive order, there is a section that really stood out to me.

Sec. 3. Cybersecurity for the Nation (a) Policy. To ensure that the internet remains valuable for future generations, it is the policy of the executive branch to promote an open, interoperable, reliable, and secure internet that fosters efficiency, innovation, communication, and economic prosperity, while respecting privacy and guarding against disruption, fraud, and theft. Further, the United States seeks to support the growth and sustainment of a workforce that is skilled in cybersecurity and related fields as the foundation for achieving our objectives in cyberspace.

Here we are almost to 2021. Do you feel any more cybersecure? Just this year, we’ve seen a 20% increase in cyber fraud and abuse and a startling 200% increase in business email compromises. According to Check Point Research, there has been a 50% increase in the daily average of ransomware attacks, compared to the first half of this year.

Sure, the pandemic of 2020 has contributed its fair share and we may be seeing more attacks, but are we “blocking” more attacks? We don’t see those stats very often. I see a lot of cyber bills being introduced and most are passed. The division between the political parties has grown exponentially but at least they usually agree on new cyber bills. For some reason, though, we just can’t seem to get beyond the words on a policy. It’s time for action. Maybe having five different federal agencies responsible for cybersecurity is the problem.

Ransomware Self-Assessment Tool (R-SAT)

Hopefully, you’ve had a chance to use the new tool that was released last month. I can tell you that a lot of effort was put into that initiative from several different organizations. The Bankers Electronic Crimes Task Force (BECTF) took on this challenge, and this is another risk assessment tool provided to our banking communities. This was also blessed and endorsed by the Cybersecurity & Infrastructure Secure Agency (CISA) as well as the U.S. Secret Service. I would like to personally thank Commissioner Charles Cooper and Phillip Hinkle, both with the Texas Department of Banking, for being the driving force behind getting this tool delivered. If you need additional information on the tool, please don’t hesitate to reach out to me at [email protected].

Finally, I’d like to give a shout-out to a dear friend of mine and a member of TBA, who has done something that many of us want to do but never get around to doing. Marc Crudgington’s book, “The Coming Cyber War: What you, your family, executives and board should know on protecting privacy and assets,” is a must-read for everyone. Marc’s experience and background in cybersecurity is proven in his writings. Congrats Marc!