Alvin Mills
VP of Information, Technology & Security

What to expect in 2023

Experts share a common theme that supply chain attacks and ransomware attacks will certainly increase in scope and sophistication in 2023.

Many of the most respected threat models in the cybersecurity space and notable experts in this industry share a common theme that supply chain attacks and ransomware attacks will certainly increase in scope and sophistication in 2023. This theme is also shared by our government as more regulations and laws are being introduced.

The National Institute of Standards and Technology (NIST), more specifically, Special Publication 800-53, was originally created as a set of recommended security and privacy controls for federal information systems and organizations to help meet the requirements set by the Federal Information Security Management Act (FISMA). Since NIST’s inception, it has been adopted by both state and local governments, along with private organizations, as their security controls framework. The reason I mention this standard is because there was a major revision introduced back in 2020 that is causing organizations to scramble to remain in compliance.

There are a lot of new controls

In total, 63 controls got 149 enhancements and 66 new control families were added including: Personally Identifiable Information Processing and Transparency and Supply Chain Risk Management. In summary, there is a greater emphasis placed on our supply chains to ensure that the proper security controls are in place. A lot more skin in the game, if you will.

We will see an increased scrutiny in the security supply chain from customers that will shift some of the responsibility to the suppliers. With the increased potential of fines, plus the rising cost and complexity of cyber insurance, organizations will be held accountable by both their customers and regulators to provide accredited security solutions.

Strengthen cybersecurity defenses

In the digital era, most businesses have their operations online. This certainly has made us more efficient but it has also put us at risk for more cybercrime. Cybersecurity threats such as ransomware, malware, hacking and phishing attacks can disrupt our business operations, leading to big losses. These are the trends we will see more of in 2023.

What can we do?

  • Enhance, modify, or put in place compliance standards that all parties in your supply chain should follow.
  • Define who can access your systems and data, and what they can do with the information.
  • Improve and enhance employee cybersecurity training, so they don’t fall victim to traps set by cybercriminals. The same can be said for your customers. Ensure that your customers understand the risks.
  • Double check and test your disaster recovery and business continuity plans to ensure your operations don’t stop in case of a breach or security event.
  • Keep your software updated and utilize security tools such as VPN, anti-malware and firewalls. You can also consider network access control as well as domain name system (DNS) filtering for more security.

Last but certainly not least — especially for our Texas community banks — ensure your bank is a member of the Texas Bankers Information Sharing and Analysis Organization (TBISAO). All of the services provided by the TBISAO are available at no additional cost to our member banks.

Threat Intelligence is available through our partnership with Splunk. Slack is our information sharing and collaboration portal. We also have a membership with the International Association of Certified ISAOs, which provides TBISAO with the identification of global public and private sector risks derived from the active, real-time discovery, analysis and information sharing of actionable and defensive measures supported by security resilience tools and technologies, best practice and education.

[email protected]
www.texasbankers.com/tbisao 
