Will the recent shutdown of the Silicon Valley Bank (SVB) and subsequent financial activity worldwide lead to an increase in cyberattacks? Some experts, including those at Avalon Cyber, think it’s a foregone conclusion.

“With the heightened media attention on SVB’s collapse, and other financial institutions under their own pressures, there will undoubtedly be a flurry of communications to customers about changes to their account status," says Kyle Cavalieri, president of Avalon Cyber. "We suspect that adversaries will jump on this opportunity to send carefully crafted emails that request ACH instruction changes, include malicious file attachments, and/or contain links to websites that harvest credentials.” 

While it’s difficult to predict the extent of damage adversaries may cause, there are a few factors that increase the likelihood of cyberattacks during an economic crisis:

• Cyber adversaries love chaos: As we all know, the COVID-19 pandemic saw cyber incidents soar. Similarly, the shock and confusion surrounding the recent shutdown of the Silicon Valley Bank and subsequent financial activity worldwide is the ideal environment for adversaries to strike, as people will be seeking guidance regarding their own savings and investments. So, yes, it’s an ideal time for cyber criminals to go phishing.
• Stressed out workers: Right now, financial professionals are under even more pressure than usual. Stress leads to mistakes, for example, clicking on bad link that downloads malware onto their computer and, ultimately, into their company’s network. But it’s not just the pros who are vulnerable. Bank customers are at risk, too, since adversaries can use the financial crisis to frighten them into revealing personal information, transferring money, and other potentially devastating activities.  
  
• Cutting cybersecurity expenses: If we do head into a recession, businesses will face more financial pressures and may need to make decisions about where to allocate their limited resources. This can lead to a reduction in funding for cybersecurity measures, leaving organizations more vulnerable to cyberattacks. However, there are table stakes (namely, the services listed below) that we believe are worth the investment, as a breach can be much costlier than protection, both monetarily and reputationally.
  

For these reasons, it’s important that organizations, including small and medium-sized businesses (SMBs), remain vigilant and invest – or continue to invest – in cybersecurity measures to protect themselves and their customers during uncertain times.

Here are a few proactive measures businesses can take to improve their security posture and avoid an incident:

Training employees on cybersecurity best practices: Employees are often the first line of defense against cyberattacks. Organizations should provide regular training on cybersecurity best practices, such as how to identify phishing scams, use strong passwords, and report suspicious activity.

Regularly updating and patching software: Adversaries often exploit vulnerabilities in outdated software to gain access to systems and data, so businesses need to be sure that their software is patched and updated to the latest version.

Conducting a cybersecurity risk assessment: Assess current cybersecurity risks and identify potential vulnerabilities that could be exploited by cyber criminals. This allows companies to prioritize their efforts and allocate resources to the areas that need the most attention.

Implementing strong access controls: Limit access to sensitive data and systems to just the employees who need it to do their jobs by implementing multifactor authentication, password policies, and role-based access controls..

Backing up data regularly: Regular data backups can help companies recover from a cyberattack. Backups should be stored in a secure location, preferably offsite, and tested regularly to ensure they are functioning properly.

Scheduling penetration tests and vulnerability assessments: These two proactive services help validate a business’s security measures and identify weaknesses so they can be addressed before they can be exploited. Vulnerability scanning should be performed at least monthly and penetration testing, typically for more mature security programs, should be executed annually.

Developing an incident response (IR) plan: In the event of a cyberattack, businesses should have an IR plan in place that allows them to respond quickly and effectively. The plan should include procedures for identifying the attack, containing the damage, and communicating with stakeholders.

Testing the IR plan: The best way to prepare for a cyber incident is by running through a “tabletop exercise” with cybersecurity professionals. A tabletop exercise is an activity that tests an organization’s IR plan to determine strengths and weaknesses and ensures that all team members understand their roles and responsibilities.

By taking these steps, businesses large and small can better protect themselves and their customers from cyberattacks during uncertain financial times. However, it's important to keep in mind that a cybersecurity program requires continuous monitoring and improvement to be most effective.

Need help protecting your business? Contact an expert today.