OPERATIONAL RISK

Cyber & Data Security

Prevention and risk mitigation are key components in every aspect of bank operations - the same holds true in the protection of customer data.

Cybersecurity is the prevention of damage to, protection of, and restoration of data, systems and processes. Cybersecurity has three main components, data security, user security, and infrastructure security.

Data security is the concepts or strategies used to keep data secure. Data security focuses on protecting personally identifiable information (PII) from unauthorized access as one would see during a cyber breach or other significant cyber incident.

Prevention and risk mitigation are key components in every aspect of bank operations - the same holds true in the protection of customer data.

Cyber and Data Security News

SolarWinds criminals narrow follow-up attacks: Microsoft

The cyber criminals who targeted the SolarWinds Orion Platform appear to have limited their follow-up attacks to a relatively small number of IT and government enterprises, according to a blog post from Microsoft President Brad Smith.

Smith wrote that while more than 17,000 customers received the first wave of malware, Microsoft has identified 40 customers that the attackers have targeted more precisely. Of those 40, 44 percent are in IT and 18 percent are in government, including finance and national security.

Microsoft also last week issued posts with steps for customers to protect themselves and consumer guidance on recent cyber attacks, while FS-ISAC issued a brief and spotlight report on the SolarWinds compromise. Additionally, the National Security Agency issued an advisory on malicious actors abusing authentication mechanisms to access cloud resources.

These and other resources are available on ICBA's Cyber and Data Security resources section on the attack.