types evolve) with technology to monitor, mitigate, stop and prevent attacks is critical for maintaining a high level of security as all of the top five attacks in 2021 on financial institutions involved cyber criminals aiming to exploit employee mistakes, including these. 1. Emotet — a trojan attack that mainly spread through spam email containing malicious macro-enabled documents or links


2. Dridex — a trojan attack that acts as a banking credential stealer, a ransomware delivering system and a remote access control tool


3. Trickbot — a threat that targets the financial sector, providing modules that support the theſt of banking credentials and cryptocurrency, as well as ransomware


4. Qbot — a versatile threat that performs a number of modes of attack, such as remote access and credential theſt


5. Hancitor — a lesser-known threat experienced a comeback at the beginning of 2021. It acts mostly as a vehicle for delivery or mechanism for a plethora of other threats, and it has oſten used DocuSign documents to entice the victim into activating the email’s malicious attachments.


HOW BANKS CAN PROTECT THEMSELVES AGAINST CYBER THREATS • Continuously update security technology and protocols as threats evolve and adapt. Tis means you need a dedicated full-time security team — not an overworked IT department handling system stability and help desk.


• Employ 24/7/365 monitoring with remote remediation to quickly stop attacks in their tracks.


• Monitor endpoint devices to stop attacks before they hit networks. User devices are the most likely entry point for attackers to compromise a financial institution.


Looking for a particular business to help with your bank’s


operations? Through MBA’s associate membership program, banks can access various businesses offering professional products and services for the banking industry.


Browse our directory at mobankers.com to find a vendor for your bank. THE MISSOURI BANKER 23


• Monitor cloud security, including application use across the financial institution to be on the lookout for atypical user behavior signaling an attack.


• Monitor email and Office 365 using tools specially designed to thwart attacks on these platforms, such as expertly recognizing and removing phishing scams before employees have an opportunity to unleash horrible consequences with a rogue mistaken click.


• Have a dedicated security team and SOC, or hire an expert outside managed security services firm that embeds tools, technology and 24/7/365 monitoring to serve as your SOC.


• Push frequent patches so that user devices are equipped with the latest security protections.


• Adopt deep learning or AI monitoring, mitigation and context investigation that can more quickly identify threats.


• Encrypt data so that it is not compromised even if a breach occurs.


• Use multifactor authentication to protect against unauthorized access.


• Instruct employees and customers to only access bank data in a secure location over a nonpublic internet connection


• Train employees on cybersecurity threats quarterly. • Develop a solid business recovery plan for when an attack occurs.


 platform company delivering insights as a service. She previously held the post of CEO for Naveego, where she was the only woman CEO of a big data company in North America until 2021 when the business was acquired. Visit aunalytics.com to learn more. Aunalytics is an MBA associate member.


M


BA A


ssoci


ate


Me


m


b


er


s


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32