How to Prepare for Cybersecurity in 2020

2020 promises to be another banner year for cyberattacks on U.S. organizations. The growing threat of attacks in 2019 and recent years drives home the fact that hackers will use any option at their disposal to be successful.

PSCU 280 x 210Organized criminal groups have skilled hackers continually developing new tools and techniques targeted at circumventing our financial institutions’ best controls. Currently, our country is under threat of both cyber and physical attacks from foreign groups. The U.S. Department of Homeland Security (DHS) recently held briefings on these threats, but at this point, there are as many questions as answers. They’ve issued an advisory that lists four main actions organizations should address:

  1. Adopt a state of heightened awareness. This includes minimizing coverage gaps in personnel availability, more consistently consuming relevant threat intelligence and making sure emergency call trees are up to date.
  2. Increase organizational vigilance. Ensure security personnel are monitoring key internal security capabilities and that they know how to identify anomalous behavior. Flag any known indicators of compromise and tactics, techniques and procedures (TTPs) for immediate response.
  3. Confirm reporting processes. Ensure personnel knows how and when to report an incident. The well-being of an organization’s workforce and cyber infrastructure depends on awareness of threat activity.
  4. Exercise organizational incident response plans. Ensure personnel are familiar with the key steps they need to take during an incident. Do they have the access they need? Do they know the processes? Are your various data sources logging as expected? Ensure personnel are positioned to act in a calm and unified manner.

You can find the full advisory here, which focuses on how the cyber community can uphold awareness and vigilance in helping to protect our nation’s critical infrastructure during this time of tension. It’s an organization-wide effort that takes people, process and technology controls to defend the range of threats we’re seeing every day.

In response to this critical issue, the DHS has developed a program called If You See Something, Say Something. I encourage you to visit their website and explore their media, including videos and posters, to share with your credit union and members. The program is designed to educate the public on suspicious activity reporting and being aware of your surroundings to help keep our communities safe.

Gene Fredriksen, Security Strategy Consultant