Cyber attacks cost you time, money and, possibly, your reputation

Editor’s note: This column was included in the May 2 version of The Pulse, a weekly BankBeat email newsletter sent to subscribers.

I learned distressing yet enlightening cybersecurity news last month while attending the Iowa Division of Banking’s Day with the Superintendent in West Des Moines.

Iowa Banking Superintendent James Johnson said community banks, though relatively small, are attractive targets for cyber criminals, calling them “low-hanging fruit.” Though $37.4 billion in losses have been reported from cybercrime over the past five years, Omaha-based FBI Special Agent in Charge Dean Neubauer estimated the total amount is likely more than $100 billion.

The conference occurred as law enforcement and cybersecurity experts report attempted cyber attacks on a daily basis. Minnetonka, Minn.-based health insurance giant UnitedHealth Group sustained the latest highly-publicized data breach. The company disclosed paying ransom to cyber threat actors to try and protect patient data, but files containing personal information were still compromised in the attack. UnitedHealth Group, which has more than 152 million customers, revealed the breach “could cover a substantial proportion of people in America.” The breach was later attributed to a Russian ransomware gang known as ALPHV or BlackCat. 

Data breaches are often triggered by human error, regardless of the sophistication of internal controls. A study by Stanford University Professor Jeff Hancock and security firm Tessian found 88 percent of data breach incidents stem from employee mistakes. IBM Security research places that number at 95 percent. 

Those numbers, while distressing, should also empower bank leaders to ensure staff are digitally literate. Employees should be trained on how to spot malicious emails and proactively identify threats from lookalike domains. Fake domains can sometimes be identified by noticing a misspelled URL or a seemingly innocuous email containing malicious links. Multi-factor authentication is a must-have for banks, Neubauer noted. 

Speaking with me for an upcoming BankBeat magazine story, banking and finance attorney John Reichert said the rise in cyber fraud is a significant consideration for selling banks. The law firm where Reichert works, Milwaukee-based Reinhart Boerner Van Deuren, receives fraud-related calls from bankers on a daily basis. “The fraudsters are really hard to keep up with, and if you are a small bank that can be a challenge,” Reichert added. “Even if you have the appropriate insurance and everything, it’s a significant cost and disruption.”

Reichert’s comments highlight the importance of proactively combating cyber threats.