Increased cyberthreat due to the situation in Ukraine: DNB calls on financial institutions to remain alert
Published: 26 April 2022
Many institutions and security providers warn of an increased cyberthreat to Western vital organisations from sophisticated Russian hackers. Dutch financial institutions also rate the threat in their sector as increased, and are attentive to developments. No attacks have yet been observed, but increased threat monitoring remains necessary.
What is the threat?
Russia has indicated that it will respond to the Western sanctions. The country is considered capable of carrying out sophisticated direct cyberattacks, which can be very disruptive. There is also an indirect risk to the financial sector (chain risks), for example if suppliers to financial institutions, or parties to which they have outsourced services, come under attack.
Focus on cybersecurity
We consider information security and related cyber risks to be one of the key operational risks at financial institutions. We have therefore shared examples of how to manage these risks in Q&As and Good Practices. Due to current events, we specifically ask that all financial institutions in the Netherlands devote additional attention to the following Good Practices.
Vulnerability and patch management
- Due to the increased malware risk, keep your patch management in order and apply security patches on time.
- Make sure that you have identified your most important IT assets on the basis of a risk analysis. Pay particular attention to legacy and vulnerable systems, especially if they are no longer supported by the vendor, and consider whether they need additional protection.
Crisis management and business continuity management
- Stay alert in order to activate your crisis management structure when needed, with explicit commitment from your management board. Ensure that the governance of your crisis management structure is up-to-date, including a clear division of roles.
- Identify threats and potential effects of the situation on your institution, analyse them – preferably in a multidisciplinary team – and define measures where needed. We expect institutions to be sufficiently aware of their importance in society and the significance of their role in the financial system. Board-level decision-making must be assured in such situations.
- Assess the adequacy of your existing business continuity plans (BCPs). Any improvements needed must be made to current BCPs as quickly as possible, with an emphasis both on operational processes of an acutely time-critical nature and on operational processes that could potentially become critical if absenteeism becomes chronic.
Other good examples
- Make sure your employees are alert to phishing emails, social engineering and potentially unknown contacts via telephone, Teams or LinkedIn.
- Deploy any options you have to shield your network and isolate applications and network access from supply chain providers to prevent a successful attack from spreading further.
- Make sure backups are available, and take measures to control and monitor access to backups. This can be done by means of offline backups, network zoning and/or detection of abnormal backup/restore activities.
Adopt a chain perspective
Cyber threats are usually not limited to a single organisation. Especially now, it is essential that financial institutions have a clear overview of important outsourcing and subcontracting arrangements, assess whether the service providers involved take measures in response to the increased threat assessment, and take additional measures where necessary.
The more up-to-date knowledge is available about the modus operandi of cyberattackers, the better organisations can resist them. It is therefore important that financial institutions share specific information on digital threats with ISACs (sectoral partnerships) and supervisory authorities. Follow media reports, including news releases issued by the National Cyber Security Centre specifically on this topic.