A ransomware attack targeting a major technology provider in the financial services sector has sent shockwaves through the United States, affecting around sixty credit unions.
Ongoing Operations is a company that provides cloud services to credit unions, specializing in disaster recovery and business continuity. On November 26, 2023, it announced on its website that it had experienced an "isolated cybersecurity incident" and "took immediate action to address and investigate." The full extent of the breach remains uncertain, leaving financial institutions and their clients in a state of suspense.
Companies like Ongoing Operations play a pivotal role in ensuring that financial institutions can swiftly recover from cyber attacks, fires, floods, or other disruptive events. What makes this situation particularly alarming is that the very service designed to be a safety net is now compromised. Ongoing Operations, entrusted with disaster recovery and business continuity, is now grappling with a ransomware attack, rendering its backup and recovery solutions temporarily inaccessible.
In recent times, the vulnerability of businesses to cyber threats, especially in the financial sector, has become increasingly apparent. The interconnected nature of operations, often reliant on external partners and vendors, necessitates a robust approach to cybersecurity. In this blog post, we delve into the critical aspects of fortifying cyber resilience for banks and credit unions, drawing insights from the recent ransomware attack on Ongoing Operations, which impacted over sixty credit unions across the United States.
The Supply Chain Conundrum
The interconnectedness of modern businesses has given rise to supply-chain attacks, emphasizing the need for heightened awareness. Outsourcing critical functions, such as IT, HR, and payroll, is common practice, but it introduces a potential weak link in the chain.
Reflecting on past events like the Kronos attack, where a similar disruption lasted three months, businesses, especially credit unions, are urged to consider the consequences for both their operations and end-users. This prompts a crucial conversation about the measures that banks and credit unions can adopt to enhance their cyber resilience.
Strengthening Vendor Risk Management
- Regular Assessments: Instituting a robust vendor risk management process is paramount. Regularly assess the cybersecurity practices of key partners and vendors. This can be done through various methods, from online assessments to structured questionnaires.
- Outsourced Assessments: Consider outsourcing third-party risk management assessments to ensure an unbiased evaluation of your vendors. Engage external assessors to provide comprehensive reports on cybersecurity practices.
- Contingency Planning: Establish backup plans and alternative vendors in case a primary partner fails. Mitigating risk involves not only identifying vulnerabilities but also having strategies in place to minimize the impact of potential breaches.
Basic Cyber Hygiene: Patching and Updating
- Holistic Approach: Implement a comprehensive patch and update strategy covering not just operating systems but also third-party applications. Ensure regular updates for critical software components, including Adobe and Microsoft Office programs.
- Vigilance with Line-of-Business Applications: Pay special attention to line-of-business applications, which may lack auto-update features. Regularly obtain updates directly from vendors to address potential vulnerabilities promptly.
Multi-Factor Authentication (MFA)
- Enhanced Security Layers: Implement MFA as an additional layer of security, particularly for banking systems and software. This ensures an added barrier even if usernames and passwords are compromised.
- Across All Platforms: Extend MFA implementation to all access points, including email and various applications. A comprehensive approach to multi-factor authentication enhances overall security posture.
Employee Training: The Human Firewall
- Regular Cybersecurity Training: Conduct regular, short training sessions for financial employees. Include knowledge quizzes or tests to ensure comprehension. Address key areas like identifying phishing attempts and reporting incidents promptly.
- Individualized Support: Provide additional training and support for employees who may struggle with cybersecurity concepts. Recognize the critical role employees play in preventing cyber threats.
Incident Response Planning
- Holistic Incident Response Plans: Develop and continually improve incident response plans. Mature these plans to encompass not only internal incidents but also responses to vendor and partner breaches.
- Adaptability and Continuous Improvement: Acknowledge that incident response is an ongoing process, not a destination. Regularly adapt and enhance response plans based on evolving threats and experiences.
Identifying and Addressing Supply Chain Vulnerabilities
- Thorough Inventory Management: Maintain a comprehensive inventory of third-party applications and services in your environment. Regularly update, isolate, or eliminate outdated or unsupported components.
- Proactive Vulnerability Management: Stay informed about potential vulnerabilities in third-party applications. Promptly patch and update to address vulnerabilities and minimize the risk of exploitation.
Collaboration for Industry-Wide Resilience
- Industry Coordination: Encourage collaboration among businesses within the industry, especially in times of crisis. Share insights, operational strategies, and learnings to collectively strengthen cybersecurity defenses.
- Post-Incident Learning: Once the dust settles from a security incident, industry players should come together to learn from the experience. Diversification of vendors and partners can be explored to minimize the impact of future attacks.
The recent ransomware attack on credit unions serves as a stark reminder of the imperative to strengthen cyber resilience. By implementing robust vendor risk management, embracing basic cyber hygiene practices, prioritizing employee training, developing comprehensive incident response plans, and proactively addressing supply chain vulnerabilities, banks and credit unions can build a formidable defense against evolving cyber threats. Furthermore, industry-wide collaboration fosters collective learning and strengthens the financial sector's ability to navigate the complex landscape of cybersecurity. As businesses continue to face evolving challenges, these proactive measures are essential to safeguarding financial stability and maintaining the trust of customers and stakeholders alike.