Russia’s military invasion of Ukraine has heightened the risk of cyberattacks. Several Ukrainian government and banking websites were knocked offline last month after a mass distributed denial of service (DDoS) attack. Meanwhile, Ukrainian cyber police have solicited volunteers to attack Russian websites. As the crisis continues and Russia faces ever more crippling sanctions, global financial institutions have been bracing for potential hacks and ransomware attacks beyond the crisis zone.
RMA's recent Risk Readiness webinar highlighted cyber risk considerations for risk professionals and detailed how the financial services industry can better prepare for online attacks. Three industry experts discussed cybersecurity best practices, and what risk professionals should expect as the situation endures.
What are hackers trying to accomplish?
In most cases, hackers want financial gain or retribution. “We're applying economic constraints on Russia, and that's going to cause a bit of desperation from criminal elements that are going to seek financial gain as a result,” said Christopher Hetner, former Senior Cybersecurity Advisor to the SEC Chair, who is currently serving as special advisor of Cyber Risk for the National Association of Corporate Directors (NACD) and senior advisor at The Chertoff Group.
In some cases, hackers will apply their skills to advance a specific cause. “A lot of hacktivists, or patriotic hackers, have thrown their hat into the ring and are trying to cause harm against any sort of target,” said Teresa Walsh, Global Head of Intelligence, Financial Services Information Sharing and Analysis Center (FS-ISAC).
Causing cascading failure across network systems can be another motive, according to Bob Kolasky, former director of the Cybersecurity and Infrastructure Security Agency's National Risk Management Center, Department of Homeland Security. Kolasky was with the Department of Homeland Security when the webinar occurred. He is currently SVP of Critical Infrastructure at Exiger.
Attacks on middle-market companies have become more prevalent, as these entities often have less robust cyber defenses. “We're seeing increased activity from hackers targeting companies tied to the investment management, private equity, and venture capital industry,” Hetner said. “I suspect we'll see more of that, particularly as the level of desperation and the economic incentives continue to increase.”
Fortifying your cyber defenses
Panelists encouraged attendees to understand the common techniques attackers use. “Find out what are those patterns, the behavior of the criminal or the nation-state actor,” said Walsh. Public-private partnerships are also excellent arenas for sharing best practices and the latest updates on threats and vulnerabilities, so that they can be addressed closer to real time. Panelists also encouraged multiple levels of exercise programs and cognitive plans.
A strong partnership and efficient communication channels with firm leadership are also essential to cybersecurity. Panelists encouraged maintaining the proper level of governance at the board level. In addition, a firm’s cyber professionals must have a clear understanding of business goals and priorities. "Communicate what the most precious jewels are in your company," said Walsh. "What are critical assets? Educate your cyber professionals."
A cyber defense team can be easily fatigued by situations where they need to be in a constant hyper-alert mode. “What's your plan for not overworking your network defenders, for your incident response teams who have to carry the burden of the daily vigilance over this time?” Walsh said.
What to expect now?
Knowledge-sharing is fundamental to success and panelists urged transparency, both between organizations and within. "This is a team sport," Hetner said. "Ensure you have participation across the enterprise."
Proper planning will help institutions prepare for a lasting impact. “The risk is heightened, and this could be a situation that lasts for a significant period. As part of your planning, have plans in place for those contingencies,” added Kolasky.