Community Banks and Credit Unions Beware: Cyber-security is Again One of the Top Five Risks!

2022 might look different from previous years but when talking with management about key risks they face this year the usual subject settles into the top five-risk list.

Cyber-security continues to be a major concern for all Community Banks and Credit Unions. Cyber risks may be exacerbated by more employees working from home, more mobile access to financial information and even new generational risks as older clients adapt to post COVID world of isolation through electronic banking.

From our perspective the current environment does much to reinforce the value of penetration testing and vulnerability scanning.  Of the myriad of technology and process controls available, these two must not be overlooked and certainly, we cannot forget them.

For those of us who might interchange the two there are differences between them.

Penetration Testing typically exploits known weaknesses in security. Deep testing, lasting anywhere from a couple days to a couple of weeks, helps provide management with concrete weaknesses in certain areas and is completed by experienced humans who can manipulate systems and fully exploit the weaknesses. Knowing to what degree an intruder can exploit a weakness helps management address the situation with the appropriate resources and in the proper resolution timeframe.

Vulnerability Scanning, in difference from penetration testing, is the act of identifying potential vulnerabilities in network devices such as firewalls, routed, switchers, servers and application. It is automated and focuses on finding potential and known vulnerabilities on the network or an application level. It does not exploit the vulnerabilities. The results of vulnerability scanning helps management determine if further penetration testing is needed, are there unknown system weaknesses that need to be explored, and provide a general status of the current environment. Utilization of both processes will strengthen the control environment of your organization and potentially save you from unexpected loss, limit negative reputational risk impacts and provide your clients with a sense of confidence that their information and money are safeguarded.