INDUSTRY U P DAT E S
On
High Alert T H E G LO B A L ST R ANG L E HOL D ON RUSSIAN FINANC IAL A SSE TS H A S MAD E BANK S A L ARGER CYB ERTARGET.
by Roby Brock
T
he U.S. financial system has been under consistent attack by Russian hackers and cybercriminals for decades, but the latest economic sanctions for Russia’s aggression in Ukraine has heightened prospects for assault.
Federal officials have been warning banks and financial services firms for months about escalating threats from Russia, even staging a ransomware drill in November 2021 for how to handle a massive, systemwide attack. The exercise included over 240 public and private sector institutions. CISA, the Cybersecurity and Infrastructure Security Agency, is the federal agency tasked with alerting and offering protection. CISA Director Jen Easterly warned in March that malicious foreign actors were at work trying to disrupt markets and undermine security. The agency also noted that Russian state-sponsored actors have demonstrated sophisticated tradecraft and cyber capabilities by compromising third-party infrastructure, compromising third-party software, or developing and deploying custom malware. Furthermore, CISA said these financial terrorists have the ability to maintain “persistent, undetected, long-term access” in compromised environments—including cloud environments—by using legitimate credentials. “We need to be prepared for the potential of foreign influence operations to negatively impact various aspects of our critical infrastructure with the ongoing Russia-Ukraine geopolitical tensions,” Easterly
16
•
SPRING 2022
said. “We encourage leaders at every organization to take proactive steps to assess their risks from information manipulation and mitigate the impact of potential foreign influence operations.” Arkansas banks are unlikely to be the first wave of targets as bigger fish, such as national banks with multiple access points and vulnerabilities, will likely take the brunt of any large-scale efforts. However, with the interconnectivity of the global financial system, no financial institution should consider itself untouchable. John Burgess, co-founder and president of Mainstream Technologies, and Lee Watson chairman and CEO of the Forge Institute, are two Arkansas experts who understand the threats posed by cybercriminals. Burgess, who also serves as his company’s Chief Security Officer, leads Mainstream’s Cybersecurity Management and Consulting unit. Watson’s group is a leading trainer of IT professionals in the realm of cybersecurity, particularly when it comes to national defense. The Arkansas Banker asked Burgess and Watson to assess the current environment.
Q: What kind of prep are you advising clients to do with this heightened situation? WATSON: Two major things - the first is to practice solid cyber hygiene. Be brilliant on the basics here. Change your passwords
