Posted on Leave a comment

Cybersecurity planning for multiple attack scenarios

By: Gene Fredriksen, Security Strategy Consultant

The world is currently in a state of upheaval, which has provided cybercriminals with an ideal setting to conduct malicious assaults. Since the conflict in Ukraine began, we have seen an increase in malicious activity abroad, including a ransomware attack on Belarusian Railways intended to impede Russian forces from entering Belarus, as well as aggressive cyberattacks on Ukraine’s financial institutions.

Cybercriminals have a history of website hacks, defacements, data theft and ransomware attacks, but they have also demonstrated the ability to disrupt infrastructure systems. There is evidence of attacks attempting to contaminate water sources and shut down power grids. In some cases, governments may be lured into the ongoing cyber battle by lending support in the form of diplomatic, financial or material assistance, which could ultimately result in more coordinated cyber operations intended to discourage their support.

During this time, not only do government agencies need to be especially vigilant, but all organizations and businesses should be on high alert for hostile behavior, since cybercriminals are unlikely to distinguish between a government and a private company. Furthermore, malware tends to spread and infect vulnerable systems beyond the borders of the countries, companies or organizations for which it is intended. When Russia implanted NotPetya inside the Ukrainian software MeDoc (Ukraine’s most popular business accounting software) in 2017, it infected anything it touched, regardless of borders. With no ransomware decryption accessible, it spread, infected and destroyed all the data it could find. This attack in 2017 had a broad impact across the globe, not just in Ukraine.

As a result of our increasingly hostile global environment, the credit union industry finds itself a common target of cyberattacks. Such attacks might be aimed at disrupting our infrastructure, raising conflict awareness or using fraud to fund their actions. In turn, we must devote time to exercising vigilance, leveraging the tools at our disposal, and participating in information-sharing groups such as the National Credit Union Information Sharing & Analytics Organization (NCU-ISAO).

Organizations such as the NCU-ISAO actively monitor traffic on the Dark Web for indicators of compromise in order to notify financial institutions. Whether you leverage NCU-ISAO to consume or share information, your participation helps protect the entire industry.

And, just as we devised new ways of working in the wake of the pandemic and lockdowns, we may be compelled to consider different options if a cyberwar impacts our access to the internet.

Does your credit union have an action plan for responding to unexpected events in your Incident Response Plan? Run through several tabletop situations regularly (more than once a year), considering how you would handle each situation. Be sure to record these ideas in your Incident Response Plan.

Examine your core business processes to see how they might fare in light of the stages outlined below:
See chart above for core business processes

Does your Business Continuity Plan consider how you will keep running your business if you suffer infrastructure losses? Consider what you might do in these possible scenarios:

  • Internet and all VPN-based services are completely unavailable
  • Access to cloud services is lost
  • No internet connection at home
  • Power grid goes out for weeks
  • Water/sewer services are interrupted for an extended period

Do you have various alternative ways to recover from data loss in your Disaster Recovery Plan? How can you regain your data if you lose it or lose access to it? Is there an immutable duplicate of the data retained for long-term preservation if your data is destroyed and your backup systems are lost? What steps would you take if you had to rebuild your servers from the ground up, including your active directory?

Here are some additional questions to ponder.

  • Could you run your credit union for a lengthy period on paper? Take credit cards, account actions and money transfers into consideration.
  • How would you interact with your financial system’s core? Consider the various ways in which you are connected to the core.
  • Could you adequately staff branch personnel if all ATMs went down?
  • What are your cash reserves, and are you equipped to handle potential cash runs on branches?

As the situation in Eastern Europe continues to develop, our risk increases as well. Our level of cyber-awareness must be proportional to the risk we face. It’s more important now than ever to give thoughtful consideration to these topics so our industry is prepared for whatever may come.

Gene Fredriksen is a co-founder and current executive director of the National Credit Union ISAO and the principal cybersecurity consultant with PureIT CUSO. He has previously held the positions of CISO for PSCU, Global CISO for Tyco International, principal consultant for security and risk management strategies for Burton Group, vice president of technology risk management and chief security officer for Raymond James Financial, and information security manager for American Family Insurance.

Fredriksen served as the chair of the security and risk assessment steering committee for BITS, and also served on the R&D committee for the financial services sector steering committee of the Department of Homeland Security. He also served as an advisor on various cybersecurity steering committees for the administrations of George W. Bush, Bill Clinton and Donald Trump, assisting in the preparation of the president’s Cybersecurity Position Paper.

Original Post