Wednesday, April 15, 2020 | 8:30 AM - 4:00 PM CT
CyberRiskNOW Virtual CyberSecurity Conference Summary:
This virtual conference is designed to provide interactive training on evolving cybersecurity threats and what your bank should do to build a strong Information Security Program that helps protect against these threats. We will identify components of a comprehensive Information Security Program that enables successful IT Examinations and minimizes your risk against real-world threats. This seminar will walk you through various FFIEC, FDIC, and OCC resources, as well as other industry best practices. We will also review some timely hot-stove topics, including Pandemic Preparedness, Managed Service Providers, and creating a Culture of Security at your institution.
Agenda (full descriptions below):
8:30 AM - Event Lobby Opens
8:50 AM - Welcome & Housekeeping
9:00 AM - Modern Cybercrime Trends
10:00 AM - 10 Minute Break
10:10 AM - Pandemic Planning, Business Continuity, and Remote Working
11:10 AM - 10 Minute Break
11:20 AM - Managing Your Managed Service Provider – 12 Questions to ask your MSP
12:00 PM - 45 Minute Lunch Break
12:45 PM - Information Security Program Components
2:10 PM - 10 Minute Break
2:20 PM - Cybersecurity Culture and Training Programs
3:00 PM - 10 Minute Break
3:10 PM - SBS Panel Discussion + Q&A
3:30 PM - Event Concludes
4:00 PM - Event Lobby Closes
Modern Cybercrime Trends:
Many organizations make the mistake of thinking that most cyberattacks are targeted attacks against large businesses or high-value targets. In today's environment, nothing could be further from the truth.
Today's hacker doesn't look like the mental image of a hacker that most people imagine. It's not some 15-year-old kid in his (or her) mom's basement, drinking a liter of soda, eating a bowl of Cheetos, wearing a hoodie, and hacking the planet. Today's hacker is a professional (in nearly every sense) who gets paid (well) to do a job (just like you). Today's hacker isn't sitting around in his or her hacker cubicle somewhere in the world using the command prompt to repeatedly ping IP addresses manually. Modern hackers have numerous programs that automatically search the internet for devices that are "alive" - i.e., have an IP address and are willing to communicate with other devices on the internet.
In this session, we will discuss the following:
Pandemic Planning, Business Continuity, and Remote Working:
The spring of 2020 saw the world deal with its first pandemic since 2009's H1N1 swine flu, and financial institutions are dusting off their Pandemic Preparedness Plans and making plans to operate with reduced onsite staff and additional remote working capabilities. Pandemic Preparedness, which falls under the umbrella of Business Continuity Management, was all but removed from the updated FFIEC Business Continuity Management booklet in November of 2019, but we've quickly remembered that doesn't mean that the threat of a global pandemic isn't real.
This seminar will cover the current state of COVID-19, the novel coronavirus, and what financial institutions need to do from a Pandemic Preparedness and Business Continuity perspective. Additionally, we'll discuss:
FFIEC guidance on Pandemic Preparedness
Short-term employee staffing issues
Long-term employee staffing issues
Securing your remote working capabilities
Communications - with employees, customers, regulators, and media
Managing Your Managed Service Provider – 12 Questions to ask your MSP:
Many institutions utilize a Managed Service Provider these days to manage IT infrastructure, often providing more expertise while saving some cost. But when it comes to protecting your data, the term "cybersecurity" can mean different things to different organizations. The goals of Information Technology (convenience and availability) are far different from the goals of Information Security (protection and loss prevention).
How can you make sure your Managed Service Provider is truly benefitting you and helping you protect your institution and your customers' data?
This presentation will cover the following areas/topics:
Information Technology vs. Information Security
Types of Managed Services Providers
Traditional Vendor Management of MSPs
Modern Vendor Management of MSPs
Characteristics of a good MSP partnership
Questions to ask before you hire an MSP
Information Security Program Components:
All banks are required to have a written, comprehensive Information Security Program that starts with a risk assessment. This section will give an overview of the primary components of an Information Security Program to ensure your organization has a solid foundation on which to build its information security governance. With a risk-based Information Security Program, there are three major elements: Risk Assessment, Documentation, and Audit. We will explore these three areas, as well as how the risk assessment process drives the creation of documented policies, procedures, and plans that the institution can then implement. We will also discuss how the audit process then provides verification that those controls are both implemented and adequate.
Cybersecurity Culture and Training Programs:
The human element of information security is an increasing target for cybercriminals and is generally considered the weakest area in information security. Security awareness and training on proper protocols is an essential element of good security and regulatory compliance, but moving from reactive training to proactive training is the hard part.
We will discuss many methods of constructing an adequate security awareness and training program for both employees of your bank and customers of your online products and services, including awareness of cybersecurity issues, training on what is expected, and clear accountability for employees and management responsible for protecting customer information. These elements can help establish a lasting culture that includes a passion for protecting customer information and a desire to be successful against cybercrime.
SBS Panel Discussion + Q&A:
Your SBS presenters will all come back together to provide some closing remarks, address any additional discussion throughout the seminar, and answer whatever questions you might have from today's session. We'll be collecting and answering questions throughout the day, but feel free to submit any additional questions during the final break that weren't answered already.
Hacker Hour webinars are a series of free webinars hosted by SBS CyberSecurity. Unlike paid webinars, Hacker Hours are intended to meet on a monthly basis to discuss cybersecurity issues and trends in an open format. Attendees are encouraged to join the conversation and get their questions answered. SBS will also offer products and services to help financial institutions with these specific issues.