‘The main thing is to keep the main thing the main thing’
“The main thing is to keep the main thing the main thing,” a line from famous business author Stephen Covey, should especially ring true now that we’ve entered a new decade. I don’t know about you, but I’ve heard my share of “20/20 vision” puns, and my early prediction for 2021 is that the term “2020 hindsight” will be overused.
So, what are some of the early cybersecurity predictions for the financial services industry? Cybersecurity experts agree that the threats facing financial services providers aren’t just increasing; they are doubling in size with each passing year. In fact, a new report from cybersecurity company Kaspersky states that the amount of data held by financial services companies makes them prime targets for “cyberthreat actors.”
Just a month into the new year, one of the predictions has already come true. Yes, the new “cyber cold war” is real. The Department of Homeland Security was very quick to release a bulletin through its National Terrorism Advisory System warning of Iran’s ability to carry out cyberattacks with “disruptive effects” against critical U.S. infrastructure.
About the same time, the Department of Financial Services sent a similar statement to all regulated entities. “It is particularly concerning that Iran has a history of launching cyberattacks against the U.S. and the financial services industry. For instance, in 2012 and 2013, Iranian-sponsored hackers launched denial of service attacks against several major U.S. banks.”
Just last June, the U.S. government observed a rise in malicious cyber activity directed at United States industries and governments led by Iranian regime actors.
A well-informed organization is a well-prepared organization
Within a few hours of receiving the alert from DHS, organizations received similar alerts from many other sources along with some very credible recommendations. The deluge of information in and of itself certainly interrupts normal business operations, especially for information technology and security professionals.
As they should, executives and boards want to know how their organization is prepared for these cyberattacks, and it’s up to IT and security professionals to very quickly assess their environments, contact their service providers and dust off their incident response plans.
The Cybersecurity and Infrastructure Security Agency (CISA) shares the following technical recommendations for IT professionals and service providers to reduce their overall vulnerability. Though not exhaustive, they focus on the actions that will likely have the highest return on investment. In general, CISA recommends two courses of action in the face of potential cyber threats: vulnerability mitigation and incident preparation.
- Disable all unnecessary ports and protocols. Review network security device logs and determine whether to shut off unnecessary ports and protocols. Monitor common ports and protocols for command and control activity.
- Enhance monitoring of network and email traffic. Review network signatures and indicators for focused operations activities, monitor for new phishing themes and adjust email rules accordingly, and follow best practices of restricting attachments via email and other mechanisms.
- Patch external facing equipment. Focus on patching critical and high vulnerabilities that allow for remote code execution or denial of service on externally facing equipment.
- Log and limit usage of PowerShell. Limit the usage of PowerShell to only users and accounts that need it, enable code signing of PowerShell scripts and enable logging of all PowerShell commands.
- Ensure backups are up to date and stored in an easily retrievable location that is air-gapped from the organizational network.
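
As an illustration of the PowerShell item above, the following added example (not taken from CISA or from the original article) turns on script block logging, module logging and transcription through the local policy registry keys and sets the execution policy to AllSigned. The transcript directory `C:\PSTranscripts` and the helper name `Set-PolicyValue` are assumptions made for this example; restricting which accounts may run PowerShell at all is a separate control and is not covered here.

```powershell
# Added example: run from an elevated Windows PowerShell session.
$base          = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell'
$transcriptDir = 'C:\PSTranscripts'   # assumed path; restrict its ACLs to admins

# Hypothetical helper: create the policy key if missing, then write the value.
function Set-PolicyValue {
    param([string]$Path, [string]$Name, $Value, [string]$Type = 'DWord')
    if (-not (Test-Path $Path)) { New-Item -Path $Path -Force | Out-Null }
    New-ItemProperty -Path $Path -Name $Name -Value $Value `
        -PropertyType $Type -Force | Out-Null
}

# Script block logging: records executed code as event ID 4104 in the
# Microsoft-Windows-PowerShell/Operational log.
Set-PolicyValue "$base\ScriptBlockLogging" 'EnableScriptBlockLogging' 1

# Module logging for every module: pipeline execution details, event ID 4103.
Set-PolicyValue "$base\ModuleLogging" 'EnableModuleLogging' 1
Set-PolicyValue "$base\ModuleLogging\ModuleNames" '*' '*' 'String'

# Transcription: a text record of each session's input and output.
New-Item -ItemType Directory -Path $transcriptDir -Force | Out-Null
Set-PolicyValue "$base\Transcription" 'EnableTranscripting' 1
Set-PolicyValue "$base\Transcription" 'EnableInvocationHeader' 1
Set-PolicyValue "$base\Transcription" 'OutputDirectory' $transcriptDir 'String'

# Code signing: only scripts signed by a trusted publisher will run.
try {
    Set-ExecutionPolicy -ExecutionPolicy AllSigned -Scope LocalMachine -Force
} catch {
    # Raised when a Group Policy scope already defines the execution policy.
    Write-Warning "Execution policy not changed: $($_.Exception.Message)"
}

# Verify the effective settings.
Get-ExecutionPolicy -List
foreach ($key in 'ScriptBlockLogging', 'ModuleLogging', 'Transcription') {
    Get-ItemProperty -Path "$base\$key" | Select-Object * -Exclude PS*
}
```

On domain-joined machines the same settings are normally deployed through Group Policy, and a policy-defined execution policy takes precedence over the LocalMachine scope set here. Forward the PowerShell Operational log and the transcript directory to central log storage so the records survive on a compromised host.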
More great information and guidance can be found at CISA.gov.