Russian threat prompts elevated bank security

Russian-based hacking of financial institutions may have not reached the volume many feared before the onset of the Ukrainian war, but that’s not to say that people are letting their guards down.

“Attacks have been on the rise every year,” especially during the past five years, said Scott Warner, president of Connecting Point of Greeley and chairman of the Greeley Chamber of Commerce Board of Directors.

Sources contacted for this story were contacted before the March 22 White House announcement that Russian state-sponsored hackers were preparing for attacks, primarily to disrupt energy related targets, but also including at least 18 U.S. companies in other sectors, such as defense and financial services, the FBI said. News reports from the White House briefing said that Russia had been conducting “preparatory activity” for cyber attacks, which could include scanning websites for vulnerabilities.

SPONSORED CONTENT

Business Cares: April 2024

In Colorado, 1 in 3 women, 1 in 3 men and 1 in 2 transgender individuals will experience an attempted or completed sexual assault in their lifetime. During April, we recognize Sexual Assault Awareness Month with the hopes of increasing conversations about this very important issue.

However, in the highly regulated financial field, Warner said, companies are constantly upgrading security and are well aware of the increased threat. 

“With more people working from home during the pandemic, attackers jumped on that,” Warner said. “This is something that’s always going on in high volumes, and it’s constantly going up. I think everyone should be on guard.”

Mike Brown, regional president of the Alpine Bank Vail Valley and Steamboat locations, said his own bank was already “in very high alert,” as the war loomed. As chairman of the Colorado Bankers Association, he said that seems certainly the case across the board.

“Cyber security is one of the top areas for our industry,” Brown said. “Banks are already among the most secure and most attentive of any industry. We have a high responsibility.”

At Centennial Lending in Frederick, a credit union service organization that serves nine states,  alert status was also high, said Michael Nagl, president and CEO. The organization provides service to more than 100 credit unions, expanding their ability to serve both residential mortgage and commercial lending needs.

“We’re certainly on a higher alert,” Nagl said. “Even though we know we’re not the Chase Manhattan, PII (personal identifiable information) is near and dear to us. It always has been.  As Russia faces these economic consequences, I’m sure they’ll be looking for some easy cash.”

Nagl said that security updates and strategies are constant at all times for Centennial, which contracts with Connecting Point for its data management. But at times such as these, he said, those regular meetings seem to have more import.

At the Northern Colorado and Wyoming Better Business Bureau, President/CEO Shelley Polansky said the BBB is reminding all businesses that cybersecurity is not an option but a necessity. 

The BBB has a list of essential moves for businesses, as follows:

• Train all employees in cybersecurity best practices so they understand the risks associated with accessing company data and systems. 
• Implement role-based access control (RBAC). This allows you to assign specific permissions to different employees based on their roles in the company, controlling who has access to what data. 
• Initiate automated remote backup and data recovery, which allows you to store an extra copy of your data off site in a secure location. 
• Enable multi-factor authentication — which makes it significantly more difficult for cybercriminals to access your data and systems by providing an added layer of security if a cybercriminal circumvents your password. 
• Secure your Wi-Fi networks.

At Rigid Bits in Longmont, which is a cybersecurity specialty firm, Ryan Smith said good antivirus and end-point detection and response are also musts for companies handling sensitive data, as even emails, addresses and birthdates can cause a great deal of damage once on the Dark Web.

“Companies need to have an incident response plan. So many companies come to us after losing data, without a response plan,” he said. “It’s like having a plan in case of a fire.”

Connecting Point has been in Managed IT services for 20 of its 40 years of existence, but security has been in the forefront since its inception. Even so, security concern has jumped geometrically over the past five years and even more over the past 24 to 36 months, Warner said.

“The landscape of that is changing even as we speak and you need to give your client or business the best chance to mitigate risk, and recover in the instance of a breach.

“You are trying to make yourself a more difficult target,” Warner said. “There is so much low hanging fruit for bad actors, so many businesses not doing it right; if you implement best practices, the bad actor will move on.”