Autumn is a time of transition from those hot summer days (where it doesn’t get dark until around 10:00 p.m. where I live) to cool mornings with temperatures in the 50s and sunsets before dinnertime. Autumn is a time when trees shed their leaves and we prepare for the more sinister season of winter.
Autumn is also a time to pay special attention to security, with National Preparedness Month (September) and Cybersecurity Awareness Month (October). The preparedness focus tends to have us think more generally (like weather-related events) while also putting us in anticipation of the more ominous, such as what can happen around a cybersecurity event. According to CISA, this is the 18th year for Cybersecurity Awareness Month and the 17th year for National Preparedness Month. You’d think after having those topics be a focus for almost two decades now, we’d all be pretty good at being ready for anything … right?
The truth is there are a lot more things today than there were in the early 2000s to be prepared for. Look no further than Apple’s iPhone, which wasn’t introduced until 2007. Fast forward to 2021, and look at how much just that one category, the smartphone, changed the way your organization, and more importantly, your accountholders, operate. Many industry pundits say the COVID-19 pandemic accelerated digital adoption by banks and credit unions by more than five years.
While a majority of accountholders today can’t imagine doing business with your organization without their smartphone, it has also dramatically increased the attack surface for cyber criminals. This channel and the associated applications must also now be on the list of things that banks and credit unions are prepared to ensure continue to function, no matter what.
Words help frame your thoughts; your thoughts help frame your plans; and your plans help frame your actions. But, here in 2021, are we hearing the right words? When it comes to cybersecurity, should we really be pushing “awareness?” Financial services is one of DHS’ Critical Infrastructure verticals. Is “awareness” where we should be – 18 years after the campaign started? If you had any response to that question, other than wanting to scream no as loud as you possibly could, we need to talk.
Just like we need to be thinking far more strategically and tactically than “awareness” implies, we also need to be taking actions that fortify our “preparedness.” We should already be running programs, such as a business continuity (BC) program, not just the occasional project here or there. As one of the industry’s thought leaders, Jack Henry’s Tom Williams, has stressed for years the importance of having a BC program which envelops crisis management, disaster recovery, and incident response as critical components. The time for awareness was a long time ago, and the time for preparedness has also passed us by.
Budget pressures, staffing shortages, and other economic challenges create noise and fog that stop many from doing what they know they really need to do in order to remain viable and ready. The best banks and credit unions find a timely way to cut through the noise and see through the fog to ensure that they are ready.
Who We Serve
What We Offer