Cyber Alert Cyber Security Amid a Heightened Threat Environment

March 2022

Straight To The Point

A hallmark of any bank or financial institution’s reputation is the trust that clients put with them to guard their most critical personal, business, and financial data.  The absence of strong cyber security measures puts a bank's sensitive data at risk and can even pose a threat to national infrastructure. Following a joint advisory from the FBI and Cybersecurity & Infrastructure Security Agency’s (CISA) recent warning, we spoke with our own Christian Glover Wilson about what banks should expect and how they can protect themselves at this time.

Daily threats versus Russian threats

RP: How does a threat of a cyberattack from the Russian government differ from the daily threats banks are faced with?

CGW: Threat actors have already deployed destructive malware, including WhisperGate and HermeticWiper, against organizations in Ukraine to cripple their systems. The technology behind these attacks is similar to common cyberattacks faced by US banks. These include malware attacks where software that is specifically designed to disrupt, damage, or gain unauthorized access to a computer system is installed through various techniques as well as distributed denial of service (DDoS), where bad actors send copious amounts of traffic from multiple sources to a service or website, intending to overwhelm it. Both such instances are normally followed by ransom demands or may be carried out for pure disruption.

A Russian attack, on the other hand, is retaliatory. This so-called “hybrid warfare”, a powerful combination of cyber-attacks with traditional military warfare, is driven by a much deeper motive, significant expertise, and organization—a powerful trifecta that could easily debilitate an organization. Set against a backdrop of persistence and consistently evolving tactics, banks must stay ahead of the game.

Considerations for banks

RP: What should banks consider as they prepare for this threat?

CGW: Banks are subject to a number of regulations and have very strong cyber security standards. As custodians of our financial infrastructure, the industry frequently exercises plans to respond to ransomware and other attacks. Overall, the techniques for preparing for and responding to a Russian cyberattack versus any other is not very different. Good hygiene, processes and planning are always critical. However, with this high alert, it’s a good time to take a step back and reconsider the standards in place. It’s important for banks to:

  • revisit their cyber crisis plans and governance,
  • increase network monitoring,
  • run tests against various scenarios and,
  • have additional staff on hand in the event of an attack.

Another quick tip is to scan networks for outbound data. While it’s common for an organization to have significant inbound network traffic, unusual outbound data is less common. This type of scan can easily help conclude if any data is being leaked or whether possible data exfiltration methods are underway. If the bank currently connects with Ukrainian organizations, exercise additional vigilance in monitoring, profiling, and isolating that data and traffic.

In general, this is the right time to inventory the third-party dependencies and integrations within your essential operational and business processes. Your business continuity plan should provide resilience for those critical processes if the components they’re dependent on become unavailable or compromised, including a plan to rapidly migrate each to an alternate provider if necessary.

How to prioritize

RP: How can firms prioritize among the many cyber-related events they may need to respond to?

CGW: Following an urgent letter to the National Association of Corporate directors that urged organizations to protect themselves, CISA shared that Federal government agencies, and private sector companies can benefit from the information shared in its Known Exploited Vulnerabilities Catalog. The catalog enables businesses to prioritize those risks which are actively being exploited by bad actors. In addition, CISA’s “Shields Up” initiative includes a comprehensive set of recommendations for individuals, organizations, and senior leadership, written in plain language and offering clear steps to prepare for cyber events.

CISA’s advice falls into four areas:

  • “Reduce the likelihood of a damaging cyber intrusion” – update protections, control access, and pay close attention to cloud environments
  • “Take steps to quickly detect a potential intrusion” – log liberally and escalate alerts from unexpected events
  • “Ensure that the organization is prepared to respond if an intrusion occurs” – train key teams well and have a clear plan to provide response support
  • “Maximize the organization's resilience to a destructive cyber incident” – test controls and ensure there are isolated backups to rapidly recover if necessary

You can learn more here: https://www.cisa.gov/shields-up

User advice

RP: What should users of bank systems be advised to do?

CGW: Make sure that anyone connecting to bank systems (customers as well as employees and third parties) is well educated about possible social engineering attacks such as phishing emails or spoof copies of websites. Well-informed users are the best defense here. Bank and system policies should ensure that connected devices are kept updated and patched and that good security practices like strong passwords and multifactor authentication are in place.

Last thoughts

RP: What other advice do you have for bank leaders right now?

CGW: I’d suggest that you check in on your employees. In addition to potential added stress and work for your IT and cyber security teams, the news from Ukraine is incredibly distressing, especially for those with roots, family and friends in the country. Be kind to one another and always consider what someone else may be going through.


Reference Point can assist. We’ll pair renowned industry executives who have held CIO, CISO, CTO and other IT leadership positions at large financial institutions with top-tier consultants to provide an independent lens to your cyber program. This integrated approach to cyber security assessments and risk management will help you better manage risk and preserve brand equity more effectively.


About Reference Point

Reference Point is a strategy, management, and technology consulting firm focused on delivering impactful solutions for the financial services industry. We combine proven experience and practical experience in a unique consulting model to give clients superior quality and superior value. Our engagements are led by former industry executives, supported by top-tier consultants. We partner with our clients to assess challenges and opportunities, create practical strategies, and implement new solutions to drive measurable value for them and their organizations.

About Us Media Center