How community banks can address cybercrime – Independent Banker

Illustration by Cnythzl/iStock

Fraud and cyber attacks are on the rise, and at great expense to the industry. Community banks have a choice about addressing the problem: Remain vulnerable or be vigilant. Here are some ideas for strengthening fraud defenses.

By William Atkinson

Fraud and cybercrimes continue to increase, causing challenges for community banks. Cybercrime could cost $10.5 trillion globally by 2025, according to research agency Cybersecurity Ventures, and the Association of Certified Fraud Examiners said that 77% of anti-fraud experts reported they had seen more fraud between May and August 2021.

But there’s plenty community banks can do to meet this challenge. One bank with a strong, comprehensive and effective handle on it is $4 billion-asset Texas Bank and Trust Company in Longview, Texas.

“We have absolutely seen a rise in fraud of all types in recent months and years,” says Scottie Luke, senior vice president and chief risk officer for the community bank’s risk management department. “The fraudsters are more knowledgeable of the processes, and, therefore, their schemes are harder to detect. The dollar amounts involved in these more sophisticated fraud schemes have increased, as have the number of fraud cases we see on a daily basis.”

Jeff Wyatt, senior vice president and chief systems architect in Texas Bank and Trust Company’s technology division, adds: “From a cybersecurity perspective, supply chain attacks and ransomware represent the greatest emerging threats. Third-party updates are happening at a continuously increasing rate several times a month. We are in a never-ending cycle of researching updates, testing and patching devices. The updates themselves can be packaged with hidden malware.”

The community bank keeps a close watch on emerging threats experienced by other financial institutions, as well as security researchers’ discoveries through threat feeds. “If we see chatter about a product or server we utilize, we immediately work to identify possible indicators of compromise,” says Wyatt. “We forensically research activities surrounding each possible incident, looking for anomalies in installations and traffic flow to and from the internet.” If an actual incident is determined, the community bank’s process is to immediately bring in forensic experts to isolate affected systems, determine the full scope of the events and identify possible exposures.

“We would then assemble the incident response team, contact regulators and law enforcement and notify any customers who may have been exposed,” says Wyatt. “We would work to rebuild affected systems from backups where possible and re-install systems from scratch when necessary to ensure that no portions of the compromise still exist.”

The bank works hard to prevent attacks with many defensive layers of security. Wyatt says Texas Bank and Trust Company also employs an incident response program with the requisite procedures for “resilient recovery.”

“We currently use a fraud detective monitoring software program for our daily fraud monitoring,” says Luke, “[and] will be migrating to a new and more robust fraud monitoring system that is cloud-based and will detect fraud from a peer group perspective. In addition, we continue to work with the Secret Service, FBI and local law enforcement when applicable on fraud issues as they arise.”

Fraud-fighting recommendations

According to Joel Williquette, senior vice president, operational risk policy for ICBA, there are steps community banks can take to address issues of fraud and cybercrime if and when they arise.

1. Tailor cybercrime training for the home environment if your bank still has “work from home” employees. “Continue to educate employees on how to recognize phishing attacks and fraud not only for the bank but also with your customers,” Williquette says.

2. Understand the relationship that you have with your vendors. That includes knowing what information the vendor houses and/or uses on behalf of your bank, and how that information is stored and protected. “It is important that IT departments not only map out their network, but also have a good understanding of how their network, systems and data interact with third-party vendor systems, even those on the web,” says Williquette.

3. Focus on vendor management for purchasing hardware and software. “Hardware and software that is manufactured in China by Chinese companies should be considered a higher risk than similar products manufactured by U.S. companies, either in the U.S. or in China,” he says.

4. Review all your contracts to understand their terms. Make sure third-party service providers, including core providers, are under contract to accept responsibility and liability should a breach or incident originate at the third-party service provider.

5. Deploy multifactor authentication (MFA) internally. Just as MFA reduces risk for their customers, requiring vendors to use it can help protect a bank’s systems. “True MFA is more than a user’s ID and passwords,” says Williquette. “Along with usernames and passwords, effective MFA uses a secure app on phones or a physical security device, like a card or key fob.” And, he adds, username, password and an authenticator app or physical device create a much more secure MFA than does a username, password and then verification through email, a phone call or text message.

6. Secure your telecommunications. Digital connections between branches and third-party service providers need to be encrypted or secured in some other fashion. “Should your telecommunications company be hacked, you need an additional layer of protection under the bank’s control,” he says.

7. Understand how your cyber insurance covers your bank if a breach or issue originates at a third-party service provider, including a core provider.

8. Always be prepared for a large-scale cyberattack. “It is expected that the use of cyberattacks, by both Russia and China, will continue to grow,” says Williquette. “Both China and Russia are primarily focused on the theft of information. However, they may turn their focus to disruption, especially during times when Chinese, Russian and U.S. relations continue to be strained due to global competition.”

William Atkinson is a writer in Illinois.