Ransomware Spurs New Guidance

Dr. Kevin Streff

Dr. Kevin Streff is the Department Chair of Cyber Operations and Security at Dakota State, which has been recognized by the National Security Agency and The Department of Homeland Security as a national center of academic excellence in information assurance. He has extensive knowledge of the financial services industry, including banking, insurance, and credit operations, and speaks nationally on security issues and solutions relevant to small and medium-sized financial institutions.

Dr. Streff is the founder and managing partner of Secure Banking Solutions, a security consulting firm focused on improving security in financial institutions across the country. He is also Founder of InfraGard - South Dakota, a partnership program between private industry and the U.S. government (represented by the FBI). He has testified to U.S. Senate Congressional committees on behalf of small and medium-sized financial institutions regarding cyber security issues affecting their organizations, most recently in September, 2015 to Senate Committee on Commerce, Science and Transportation during a hearing entitled "Confronting the Challenge of Cybersecurity".

If your credit union received an email threatening to destroy institution or member data if you don’t pay $1,000, what would your institution do? Is it a good business decision to pay up? Does someone really have the ability to control a computer at your institution? Ransomware is so concerning that the FBI has recently issued warnings and guidance containing instructions on how institutions can protect themselves.

In March, the FBI also released information regarding controls useful in mitigating the risk of such malware infections and methods to quickly respond in restoring business processes. The FFIEC also issued Destructive Malware guidance in 2015 which brings awareness to malware, such as ransomware, and provides suggested process changes to your Information Security Program to ensure these risks are addressed.

Unfortunately, financial institutions need to better understand ransomware from a business and technical perspective, as ransomware is likely to continue to grow and evolve as a threat. The best defense methods are based on the awareness to the threat and solid risk management processes to assess the risks. We look forward to discussing ransomware with you and answering your questions about this emerging threat.

Covered Topics:

US-CERT, a government information sharing resource, issued an alert March 31st highlighting two specific Ransomware variants (Locky and Samas) that have caused significant damage to financial institutions, members, and small businesses. In this presentation, we will demonstrate the impact of ransomware, review recent guidance, and explore how to leverage your risk management processes to protect your institution. Specific topics included:

Discussion on latest FBI and US-Cert guidance
Review FFIEC Destructive Malware expectations
Member education and outreach considerations
Integration into your Information Security Program

Who Should Attend?

This webinar will benefit the Directors, CEO, Information Security Officer, Network Administrator, Risk Officer, IT Managers, or other management team members involved either Information Technology or Information Security.

Covered Topics:

Who Should Attend?

Error Condition Detected