ABA Banking Journal
No Result
View All Result
  • Topics
    • Ag Banking
    • Commercial Lending
    • Community Banking
    • Compliance and Risk
    • Cybersecurity
    • Economy
    • Human Resources
    • Insurance
    • Legal
    • Mortgage
    • Mutual Funds
    • Payments
    • Policy
    • Retail and Marketing
    • Tax and Accounting
    • Technology
    • Wealth Management
  • Newsbytes
  • Podcasts
  • Magazine
    • Subscribe
    • Advertise
    • Magazine Archive
    • Newsletter Archive
    • Podcast Archive
    • Sponsored Content Archive
SUBSCRIBE
ABA Banking Journal
  • Topics
    • Ag Banking
    • Commercial Lending
    • Community Banking
    • Compliance and Risk
    • Cybersecurity
    • Economy
    • Human Resources
    • Insurance
    • Legal
    • Mortgage
    • Mutual Funds
    • Payments
    • Policy
    • Retail and Marketing
    • Tax and Accounting
    • Technology
    • Wealth Management
  • Newsbytes
  • Podcasts
  • Magazine
    • Subscribe
    • Advertise
    • Magazine Archive
    • Newsletter Archive
    • Podcast Archive
    • Sponsored Content Archive
No Result
View All Result
No Result
View All Result
ADVERTISEMENT
Home Cybersecurity

You’ve Been Hacked: How Will You Respond?

June 25, 2015
Reading Time: 3 mins read

By Merrie Spaeth

Impersonating reporters on panels has become one of my favorite pastimes. After ABA’s Annual Convention last year, where I played a reporter on a panel examining how to handle a cyber attack, ABA invited me to return for its Risk Management Forum. The scenario was similar: Your bank has been hacked. In this mock scenario, the institution in the hot seat was a billion-dollar bank in the South named Lucky Bank, and the media outlet I represented was “UOMe” TV.

The first news of the hack came from credit card companies reporting that customers were complaining en masse about unauthorized charges and cancelled charges. A plaintiffs’ law firm—Dewey, Cheatham & Howe, borrowed from NPR’s “Car Talk”—trolled the Internet looking for bank customers for a class action suit, as did a well-connected, disgruntled blogger called Bankerbabe.

Lucky Bank also received word that the hackers were selling information allowing criminals to access ATMs, so bank personnel were physically reprogramming ATMs outside their branches. Internet-savvy customers noted the workmen and posted pictures of them on Instagram. Bankerbabe called them to my attention at the television station.

My role was to ask the questions the media would ask and to illustrate how social media platforms such as Facebook and Twitter complicate the communication challenge. Although bank executives may feel they have quite enough legal, technical and operational issues to contend with, communication—both internal and external—is needed across the entire enterprise. You will undoubtedly have to communicate with key audiences before you have all the facts. Typically, you will not have any of the key facts confirmed when you get word through third parties or social media.

Create a timeline beginning with taking the first phone call or reading the first tweet. Consider how you would handle the questions below after the first hour, day or week. On social media, you must have credible responses that convey confidence and inspire trust. And you’ll have to deal with these questions from reporters, customers and the general public. If you’re lucky, the reporter or customer will call customer service, but they may also be trading rumors on social media.

How and when you respond to these kinds of questions will undoubtedly depend on your own bank, the nature and scope of an attack and other considerations, but grappling with the questions will give you a snapshot of your preparedness.

Think about how you’ll handle questions like this:

  • 
I have heard that your bank has been hacked. Can you confirm or deny this?
  • 
How many customers have been affected?
  • 
What information did the hackers get? Social security numbers? What other kinds of customer data?
  • 
What have you told customers?
  • 
Who’s to blame?
  • 
Are you going to change your IT or security providers?
  • 
When did you detect the problem?
  • 
Did you have any warning signs?
  • 
How long were you exposed before discovering it?
  • 
Why did you wait to announce it?
  • 
What are you trying to cover up?
  • 
What kind of liability do you have?
  • 
Will you pay for credit counseling for customers?
  • 
Has this happened before?
  • 
Have you notified your regulators?
  • 
Are you confident you have identified and blocked all the intrusions?
  • 
Do you have insurance to cover this?
  • 
Are you going to apologize?
  • 
What if you do not find out who’s responsible?
  • 
Is this a criminal event, hackers displaying their abilities, terrorism or sabotage?
  • 
Can you guarantee this will never happen again?

Some reporters and bloggers better versed in information security may ask more in-depth questions:

  • 
Did you have Intrusions Detection Systems (IDS) implemented?
  • 
What about sandboxing as a preventive technique?
  • 
Does your IT department regularly send fake emails to employees to see if they open unauthorized emails, a primary way that hackers gain access? (The technique is controversial as an invasion of privacy, and because so many scam emails look so realistic, lots of employees inevitably get caught.)
  • 
Critics say that Security Event Management systems (SEMs) are ineffective architecture with a high false positive ratio. Are you using SEMs?
  • 
Experts say that hackers are increasingly gaining access to financial institutions through third party vendors or smaller financial institutions that may not have adequate security measures. What have you done to audit the security provisions of the enterprises you do business with? 
Can you guarantee they all have the proper security in place?

Merrie Spaeth is founder and president of Spaeth Communications.

ADVERTISEMENT
Tags: CybersecurityData breachesSocial media
ShareTweetPin

Related Posts

Using Artificial Intelligence to Make Sense of Mountains of Data

Three myths about AI in banking

Technology
July 3, 2025

Common myths and misperceptions might confuse about what to expect and misdirect investment and efforts.

Chair’s View: Celebrating a century of giving back

Chair’s View: Celebrating a century of giving back

Community Banking
July 1, 2025

Not only do we celebrate the 150th anniversary of our organization, we also commemorate an important milestone for the ABA Foundation.

Fighting fraud on the frontline

Fighting fraud on the frontline

Compliance and Risk
June 30, 2025

Customer inquiries and complaints are important tools for detecting scams, but structural barriers in the bank may prevent them from being fully utilized.

Marketing Money Podcast: You don’t need a bigger budget — you need a better plan

Retail and Marketing
June 27, 2025

What matters most in bank marketing. And understanding how to deal with common obstacles.

Proposed rule would require verification system for Treasury checks

Podcast: Inside ABA’s new Treasury Check Verification System API

ABA Banking Journal Podcast
June 25, 2025

ABA's new Treasury Check Verification System platform is live. ABA anti-fraud experts Paul Benda and Hannah Ibberson discuss the platform and how banks can put it to use.

Marketing automation drives value for bank marketers

Retail and Marketing
June 23, 2025

Automation can assist bank marketers with lead analysis, scoring and pipeline reporting when built into a bank's CRM or automation platform.

NEWSBYTES

Texas Bankers Foundation creates donations page in aid of Texas flood victims

July 7, 2025

OCC allows Texas banks affected by flooding to close

July 7, 2025

U.S. Bank survey: Small-business owners focus on succession planning

July 6, 2025

SPONSORED CONTENT

Navigating Disruption in Ag Lending – Why Tariffs Are Just the Tip of the Iceberg

Navigating Disruption in Ag Lending – Why Tariffs Are Just the Tip of the Iceberg

July 1, 2025
AI Compliance and Regulation: What Financial Institutions Need to Know

Unlocking Deposit Growth: How Financial Institutions Can Activate Data for Precision Cross-Sell

June 1, 2025
Choosing the Right Account Opening Platform: 10 Key Considerations for Long-Term Success

Choosing the Right Account Opening Platform: 10 Key Considerations for Long-Term Success

April 25, 2025
Outsourcing: Getting to Go/No-Go

Outsourcing: Getting to Go/No-Go

April 5, 2025

PODCASTS

Podcast: Inside ABA’s new Treasury Check Verification System API

June 25, 2025

Podcast: Staying close to clients amid tariff-driven volatility

June 18, 2025

Podcast: Old National’s Jim Ryan on the things that really matter

June 12, 2025
ADVERTISEMENT

American Bankers Association
1333 New Hampshire Ave NW
Washington, DC 20036
1-800-BANKERS (800-226-5377)
www.aba.com
About ABA
Privacy Policy
Contact ABA

ABA Banking Journal
About ABA Banking Journal
Media Kit
Advertising
Subscribe

© 2025 American Bankers Association. All rights reserved.

No Result
View All Result
  • Topics
    • Ag Banking
    • Commercial Lending
    • Community Banking
    • Compliance and Risk
    • Cybersecurity
    • Economy
    • Human Resources
    • Insurance
    • Legal
    • Mortgage
    • Mutual Funds
    • Payments
    • Policy
    • Retail and Marketing
    • Tax and Accounting
    • Technology
    • Wealth Management
  • Newsbytes
  • Podcasts
  • Magazine
    • Subscribe
    • Advertise
    • Magazine Archive
    • Newsletter Archive
    • Podcast Archive
    • Sponsored Content Archive

© 2025 American Bankers Association. All rights reserved.