ABA Banking Journal

Cybersecurity: What threat-ready really means for banks

April 20, 2023

The necessity for continuous risk assessment triggers the need for appropriate resources to meet the demands of new and emerging threats.

By Steve Soukup

A hurricane is hovering off the coast and will make landfall in 24 hours. The news is blaring with warnings for residents to brace themselves for the worst, but you’re prepared. Food, water, and safety supplies have been secured since the beginning of hurricane season. You’ve assessed the house for vulnerabilities, shuttered the windows, removed outside debris, and gassed up the cars. You are ready for the storm and the aftermath. But is your bank as prepared for the storm of cyber threats? Are banks threat ready?

Achieving an effective level of cyber threat readiness requires banks to use a comprehensive approach that encompasses the following:

1. A proactive and evolving cyber risk management solution based on risk assessment data.
2. Appropriate technology, resources and personnel for cyber threat detection, prevention, and mitigation.
3. Effective response, resilience and recovery plans.
4. Comprehensive understanding of the evolving threat landscape.

From cybersecurity to cyber risk management

Banks that are truly threat ready first shift their mindsets from traditional cybersecurity methods to a proactive cyber risk management strategy. Technological advancements are paving the way for banks to provide improved customer service and streamlined daily operations, but with every change, vulnerabilities are exposed, placing your customers’ assets and data at risk.

Rather than focusing solely on cybersecurity measures aimed at preventing breaches or reducing the impact of one after it occurs, banks benefit when they change their approach to a proactive strategy that flexibly adapts and evolves with the changing threat landscape. Similar to protecting a house by securing the structure from the threat of winds or projectiles, banks implement cybersecurity measures to safeguard their bank systems, programs and infrastructure. While these measures may prevent a breach, banks can no longer rely on them alone. The transition to cyber risk management enables banks to continuously assess and modify strategies to address cyber threats as they materialize.

Train employees. ALL employees. Including C-level executives

Training staff to understand how and where breaches occur has become a crucial part of cybersecurity. While financial institutions are spending money on outside security operation centers and new products to protect their institutions, they can forget about their weakest link: humans. Verizon’s 2022 Data Breaches Investigations Report revealed that 82 percent of data breaches were due to some kind of human error. Employees make mistakes that open the door to bad actors, and the fueling force is a knowledge gap. According to Proofpoint’s 2022 Human Factor report, “55 percent of U.S. workers admitted to taking a risky action in 2021, 26 percent clicked an email link that led to a suspicious website, 17 percent accidentally compromised their credentials and only half were able to correctly identify the term phishing.”

This type of breach, which can be avoided with proper training, is not just a run-of-the-mill mistake such as forgetting to close your car window when it rains. Clicking on a phish, using weak passwords, mishandling sensitive information or even carelessly utilizing technology could ultimately enable hackers to gain access to money and sensitive data, resulting in a devastating loss to your financial institution.

Continuous training for all employees provides them with the knowledge they practice daily to avoid making critical errors.

Assess risk continuously

With banks continually targeted and threats evolving at a rapid pace, an assessment of risks must be documented in real time as they are detected so the institution can properly respond. Instead of updating the risk assessment annually, a better plan is to continuously go through this valuable exercise and update it in real time to allow for an accurate and timely picture of the risk profile.

Continuous risk assessment allows institutions to appropriately design and implement controls, allocate resources and ultimately focus attention on the right areas in order to assure protection. Homeowners in a hurricane zone don’t wait for an evacuation order to be announced to prepare. They assess their risk to ensure that they are safeguarded with or without an imminent threat. And banks should do the same.

The information that is generated from regular risk assessments provides a grasp of the necessary changes at the time they are needed, instead of waiting until the end of the year, having a long list of modifications to satisfy, and then possibly realizing that those modifications no longer adequately mitigate the risk at its current level. Digital solutions are readily available to help assess, monitor and maintain your bank’s level of risk to effectively adopt a proactive approach to risk management.

Evaluate your resources

Some smaller institutions incorrectly assume that they are not at risk. It’s easy to get comfortable and complacent and underestimate the extent of the threats. Thinking that smaller FIs won’t be on the radar of one of these operations could not be further from the truth. Cybercriminals do not care what size institution they breach.

As cyberattacks are on the rise, FIs, regardless of size, must reevaluate the scope and reach of their cybersecurity solutions because cyber-attacks are only going to become more sophisticated and threat actors more brazen. Finding an effective balance between the advanced technology available and human resourcefulness is unique to each FI.

Many FIs now partner with cybersecurity companies that can assist with 24/7/365 monitoring for cyber threat detection and investigation. Partnering with a proficient, credentialed outside security operations center to assess and evaluate threats gives FIs an advantage in the war against cyberattacks. The combination of human and artificial intelligence for cybersecurity monitoring has created a cohesive approach to cyber readiness.

It is virtually impossible for humans alone to efficiently scrutinize the millions of events occurring online. Using AI (especially products built for banking) in conjunction with human monitoring provides a streamlined system to reduce false positives, proactively detect fraud, increase anomaly detection and decrease human error.

Response, resilience, recovery

Your bank has assessed and reevaluated the risk landscape. Proactive plans and monitoring are in place. But, are you prepared for an actual breach? Are you prepared for the aftermath of the storm?

Even when all the necessary proactive defenses to prevent attacks are established, cyberattacks are inevitable for banks, which function with a target on their backs. Banks are urged to implement and practice incident response plans so employees are prepared to address cyberattacks in a timely and efficient manner. Running tabletop exercises, which are hands-on simulated response scenarios, provides practice in responding to the incident, containing the breach and then making adjustments based on the outcome.

Through these simulations, banks gain a better understanding of their capabilities, procedures, deficiencies and overall preparedness to respond to an incident. IBM’s 2022 Cost of Data Breach report notes: “Businesses with an incident response team that tested its incident response plan saw an average of $2.66 million lower breach costs than those without.”

Cyber risk awareness

With any possible disaster, knowledge and awareness are keys to your preparedness. Just like the need for information about the threat of a hurricane and its path of destruction, being aware of the latest cyber threats and malicious attacks keeps you informed and ready. Awareness is not limited to just cyber threats.

Effective information sharing in cybersecurity includes threat awareness, incident reporting, best practices, defensive techniques, etc. The Cybersecurity and Infrastructure Security Agency recommends staying informed by subscribing to various credible news outlets for alerts and security topics. Join a peer-to-peer sharing community about cybersecurity within the financial sector. The Financial Services Information Sharing and Analysis Center is “The only global cyber intelligence sharing community solely focused on financial services. The organization leverages its intelligence platform, resiliency resources, and a trusted peer-to-peer network of experts to anticipate, mitigate and respond to cyber threats.”

Keep current by joining their mailing lists for critical alerts and ongoing news. FS-ISAC provides various trainings, events and insights to stay current, threat ready and informed. Another great resource for information sharing is InfraGard, “a public-private partnership among U.S. businesses, individuals involved in the protection and resilience of U.S. critical infrastructures and the FBI.” Another best practice is to always immediately report incidents to CISA and/or the FBI.

Stay informed, prepared, and proactive

Banks are held to a higher level of expectations to safeguard their customers’ assets and sensitive data. With cybercriminals finding new and inventive ways to infiltrate cybersecurity systems, banks should function with a threat-ready stance 100 percent of the time. Cyber readiness isn’t just about having prevention plans in place. It is also about flexibility in your methods to address the threats as they evolve and emerge. A proactive cyber risk management strategy fueled by real data and knowledge about the current threat landscape and appropriate defensive resources, combined with an effective plan to detect, prevent and mitigate breaches, will improve banks’ cyber risk maturity. When banks satisfy these crucial standards of preparation, they are truly threat ready and prepared to weather the storm of cyberattacks.

Steve Soukup is chief executive officer at DefenseStorm.
