ABA Banking Journal

Cybersecurity: What threat-ready really means for banks

April 20, 2023

The necessity for continuous risk assessment triggers the need for appropriate resources to meet the demands of new and emerging threats.

By Steve Soukup

A hurricane is hovering off the coast and will make landfall in 24 hours. The news is blaring with warnings for residents to brace themselves for the worst, but you’re prepared. Food, water, and safety supplies have been secured since the beginning of hurricane season. You’ve assessed the house for vulnerabilities, shuttered the windows, removed outside debris, and gassed up the cars. You are ready for the storm and the aftermath. But is your bank as prepared for the storm of cyber threats? Are banks threat ready?

Achieving an effective level of cyber threat readiness requires banks to use a comprehensive approach that encompasses the following:

1. A proactive and evolving cyber risk management solution based on risk assessment data.
2. Appropriate technology, resources and personnel for cyber threat detection, prevention, and mitigation.
3. Effective response, resilience and recovery plans.
4. Comprehensive understanding of the evolving threat landscape.

From cybersecurity to cyber risk management

Banks that are truly threat ready first shift their mindsets from traditional cybersecurity methods to a proactive cyber risk management strategy. Technological advancements are paving the way for banks to provide improved customer service and streamlined daily operations, but with every change, vulnerabilities are exposed, placing your customers’ assets and data at risk.

Rather than focusing solely on cybersecurity measures aimed at preventing breaches or reducing the impact of one after it occurs, banks benefit when they change their approach to a proactive strategy that flexibly adapts and evolves with the changing threat landscape. Similar to protecting a house by securing the structure from the threat of winds or projectiles, banks implement cybersecurity measures to safeguard their bank systems, programs and infrastructure. While these measures may prevent a breach, banks can no longer rely on them alone. The transition to cyber risk management enables banks to continuously assess and modify strategies to address cyber threats as they materialize.

Train employees. ALL employees. Including C-level executives

Training staff to understand how and where breaches occur has become a crucial part of cybersecurity. While financial institutions are spending money on outside security operation centers and new products to protect their institutions, they can forget about their weakest link: humans. Verizon’s 2022 Data Breaches Investigations Report revealed that 82 percent of data breaches were due to some kind of human error. Employees make mistakes that open the door to bad actors, and the fueling force is a knowledge gap. According to Proofpoint’s 2022 Human Factor report, “55 percent of U.S. workers admitted to taking a risky action in 2021, 26 percent clicked an email link that led to a suspicious website, 17 percent accidentally compromised their credentials and only half were able to correctly identify the term phishing.”

This type of breach, which can be avoided with proper training, is not just a run-of-the-mill mistake such as forgetting to close your car window when it rains. Clicking on a phish, using weak passwords, mishandling sensitive information or even carelessly utilizing technology could ultimately enable hackers to gain access to money and sensitive data, resulting in a devastating loss to your financial institution.

Continuous training for all employees provides them with the knowledge they practice daily to avoid making critical errors.

Assess risk continuously

With banks continually targeted and threats evolving at a rapid pace, an assessment of risks must be documented in real time as they are detected so the institution can properly respond. Instead of updating the risk assessment annually, a better plan is to continuously go through this valuable exercise and update it in real time to allow for an accurate and timely picture of the risk profile.

Continuous risk assessment allows institutions to appropriately design and implement controls, allocate resources and ultimately focus attention on the right areas in order to assure protection. Homeowners in a hurricane zone don’t wait for an evacuation order to be announced to prepare. They assess their risk to ensure that they are safeguarded with or without an imminent threat. And banks should do the same.

The information that is generated from regular risk assessments provides a grasp of the necessary changes at the time they are needed, instead of waiting until the end of the year, having a long list of modifications to satisfy, and then possibly realizing that those modifications no longer adequately mitigate the risk at its current level. Digital solutions are readily available to help assess, monitor and maintain your bank’s level of risk to effectively adopt a proactive approach to risk management.

Evaluate your resources

Some smaller institutions incorrectly assume that they are not at risk. It’s easy to get comfortable and complacent and underestimate the extent of the threats. Thinking that smaller FIs won’t be on the radar of one of these operations could not be further from the truth. Cybercriminals do not care what size institution they breach.

As cyberattacks are on the rise, FIs, regardless of size, must reevaluate the scope and reach of their cybersecurity solutions because cyberattacks are only going to become more sophisticated and threat actors more brazen. Finding an effective balance between the advanced technology available and human resourcefulness is unique to each FI.

Many FIs now partner with cybersecurity companies that can assist with 24/7/365 monitoring for cyber threat detection and investigation. Partnering with a proficient, credentialed outside security operations center to assess and evaluate threats gives FIs an advantage in the war against cyberattacks. The combination of human and artificial intelligence for cybersecurity monitoring has created a cohesive approach to cyber readiness.

It is virtually impossible for humans alone to efficiently scrutinize the millions of events occurring online. Using AI (especially products built for banking) in conjunction with human monitoring provides a streamlined system to reduce false positives, proactively detect fraud, increase anomaly detection and decrease human error.

Response, resilience, recovery

Your bank has assessed and reevaluated the risk landscape. Proactive plans and monitoring are in place. But are you prepared for an actual breach? Are you prepared for the aftermath of the storm?

Even when all the necessary proactive defenses to prevent attacks are established, cyberattacks are inevitable for banks, which function with a target on their backs. Banks are urged to implement and practice incident response plans so employees are prepared to address cyberattacks in a timely and efficient manner. Running tabletop exercises, which are hands-on simulated response scenarios, provides practice in responding to the incident, containing the breach and then making adjustments based on the outcome.

Through these simulations, banks gain a better understanding of their capabilities, procedures, deficiencies and overall preparedness to respond to an incident. IBM’s 2022 Cost of Data Breach report notes: “Businesses with an incidence response team that tested its incidence response plan saw an average of $2.66 million lower breach costs than those without.”

Cyber risk awareness

With any possible disaster, knowledge and awareness are keys to your preparedness. Just like the need for information about the threat of a hurricane and its path of destruction, being aware of the latest cyber threats and malicious attacks keeps you informed and ready. Awareness is not limited to just cyber threats.

Effective information sharing in cybersecurity includes threat awareness, incident reporting, best practices, defensive techniques, etc. The Cybersecurity and Infrastructure Security Agency recommends staying informed by subscribing to various credible news outlets for alerts and security topics. Join a peer-to-peer sharing community about cybersecurity within the financial sector. The Financial Services Information Sharing and Analysis Center is “The only global cyber intelligence sharing community solely focused on financial services. The organization leverages its intelligence platform, resiliency resources, and a trusted peer-to-peer network of experts to anticipate, mitigate and respond to cyber threats.”

Keep current by joining their mailing lists for critical alerts and ongoing news. FS-ISAC provides various trainings, events and insights to stay current, threat ready and informed. Another great resource for information sharing is InfraGard, “a public-private partnership among U.S. businesses, individuals involved in the protection and resilience of U.S. critical infrastructures and the FBI.” Another best practice is to always immediately report incidents to CISA and/or the FBI.

Stay informed, prepared, and proactive

Banks are held to a higher level of expectations to safeguard their customers’ assets and sensitive data. With cybercriminals finding new and inventive ways to infiltrate cybersecurity systems, banks should function with a threat-ready stance 100 percent of the time. Cyber readiness isn’t just about having prevention plans in place. It is also about flexibility in your methods to address the threats as they evolve and emerge. A proactive cyber risk management strategy fueled by real data and knowledge about the current threat landscape and appropriate defensive resources, combined with an effective plan to detect, prevent and mitigate breaches, will improve banks’ cyber risk maturity. When banks satisfy these crucial standards of preparation, they are truly threat ready and prepared to weather the storm of cyberattacks.

Steve Soukup is chief executive officer at DefenseStorm.
