Cybersecurity Advisory Prompts Financial Institutions to Analyze Security and Continuity Measures

This blog was authored by my colleague Barbie Housewright, Manager, Cybersecurity, Financial Institutions.

The Cybersecurity and Infrastructure Security Agency (CISA) recently issued a warning to United States organizations about heightened cybersecurity threats in the wake of conflicts between Russia and Ukraine. CISA prompted financial regulators to instruct their financial institutions to reevaluate security and continuity planning. Regulators warn that the current cybersecurity threat landscape may exceed previously acceptable recovery arrangements.

Cybersecurity Advisory: Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure

The Cybersecurity Advisory (CSA), “Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure”, describes measures financial institutions can leverage to diminish threats. It recommends that organizations prepare for disruptions to technology systems by strengthening incident response, resilience, and continuity plans so they can maintain critical activities in the absence of technical resources. Organizations are urged to enhance their cyber posture by solidifying access, security, vulnerability, and configuration controls. The CSA further recommends subscribing to threat information monitoring related to these threats.

Implement Cybersecurity Measures Now to Protect Against Potential Critical Threats

The CISA Insights article, “Implement Cybersecurity Measures Now to Protect Against Potential Critical Threats”, published January 18, 2022, promotes awareness of critical cyber risks.  Organizations are encouraged to take swift actions to diminish the likelihood and impact of a compromise, regardless of their size and complexity.

The article also provides a checklist to assist financial institutions in reducing the likelihood of a cyber incident, detecting an intrusion, preparing for intrusion response, and maximizing resilience when destructive incidents occur.  The advisory references additional controls and resources for reporting incidents and anomalous activity and defending cloud services. 

Financial regulators advise institutions to review the cybersecurity advisory in its entirety, along with the CISA Insights article, and promptly implement the controls documented within. Multiple resources are referenced regarding ransomware best practices and response checklists. The recommendation also encourages institutions to complete the Ransomware Self-Assessment Tool (R-SAT) to identify gaps in their ransomware protection strategy.

How Can CLA Help

Collecting and analyzing a comprehensive set of controls and planning initiatives can be overwhelming and complex. CLA’s Outsourced Information Security Advisors can help you evaluate and enhance your program in preparation for the anticipated threats and impacts. Our advisors are experienced in performing the Ransomware Self-Assessment and assisting in training staff on best practices for avoiding a social engineering attack.


Brittany has more than twelve years of experience and specializes in providing audit and accounting services to financial institutions. In addition to planning, managing and performing financial statement audits for institutions ranging in total assets from $10 million to $50 billion, she has performed engagements designed to test the adequacy of loan documentation and reserves, adherence to internal control policies, outsourced internal audit, and consulting engagements for various compliance requirements.
