ELOC BankTable Top Exercise - Texas

ELOC BankTable Top Exercise - Texas

ELOC Bank Table Top Exercise Executive Leadership of Cybersecurity Austin, TX December 3, 2014 1 ELOC Bank Background ELOC Bank is a $250 million commercial bank

providing a comprehensive range of banking products and services. Customers connect to the banks online Cash Management System to complete ACH origination and wire transfers. 2 ELOC Bank September 2014 IT Audit Report

3 Bank IT Audit Report The September 2014 IT Audit found that the banks network and systems were adequately protected. However, the following recommendations were made: Enhance employee training on wire & ACH payment procedures Review and update the banks

insurance coverages for cyber incidents Add an Intrusion Prevention System (IPS) to help prevent network intrusion Conduct incident response testing and provide the Board with reports on Cyber threats and readiness 4

December 5, 2014 Board Meeting The IT Steering Committee researched the auditors recommendations and provided an estimate of the cost to the Board. Implementation and on-going costs are higher than expected and were not budgeted. 5

ELOC Bank Group Interaction 1 What Would You Do? A. Revise 2015 budget to address all B. C. D. E.

recommendations by September 30, 2015. Cancel employee and executive bonuses and Directors fees to pay for auditor recommendations. Postpone action on the audit recommendations until the February 5, 2015 board meeting. Add an additional guard at the computer room door to prevent system intrusion. Other? Why or Why Not? A. Revise 2015 budget to address all

B. C. D. E. recommendations by September 30, 2015. Cancel employee and executive bonuses and Directors fees to pay for auditor recommendations. Postpone action on the audit recommendations

until the February 5, 2015 board meeting. Add an additional guard at the computer room door to prevent system intrusion. Other? Action the Board Took On December 5, 2014, after much deliberation, ELOC Banks Board decides to postpone action on the audit recommendations until the February 5, 2015 Board meeting. ELOC Bank

December 26, 2014 Service Disruption 10 December 26, 2014 Help and Technical Support Desks are receiving a significant volume of calls. 2:00 pm Employees are reporting : Slow computer response time Online-banking and cash management systems are behaving erratically.

2:30 pm Customers are flooding the banks Help Desk and reporting: ELOC Banks website is slow and acting erratically Cant reach the online banking and cash management web pages 2:45 pm National news services begin reporting: that several large banks are having similar problems 3:00 pm Staff informs CEO of all of the above. 11 ELOC Bank Group Interaction 2 What Would You Do?

A. Ask the IT manager for a verbal report - Wait for their recommendation and report before deciding what to do. B. Immediately call an Officers meeting to gather information and develop a plan of action. C. Alert appropriate staff that the IT department is aware of the issue and working on a solution. D. Launch your Incident Response Plan. E. Other? 13

Why or Why Not? A. Ask the IT manager for a verbal report - Wait for their recommendation and report before deciding what to do. B. Immediately call an Officers meeting to gather information and develop a plan of action. C. Alert appropriate staff that the IT department is aware of the issue and working on a solution. D. Launch your Incident Response Plan.

E. Other? 14 December 26, 2014 Bank systems and operations are operating normally The IT Manager notifies the president that the bank experienced a Distributed Denial of Service (DDoS) attack earlier and that abnormal traffic activity was identified. However, the DDoS attack ended and all bank systems are operating normally. Employees are able to complete bank functions including retrieving

customer ACH origination files and online wire transfer requests. All end of day processing was completed and all systems are operating normally. 15 ELOC Bank December 29, 2014 Wire Transfer 16

December 29, 2014 $230,000 wire transfer request arrives from Cash Management System. Presidents approval is needed. President questions validity, asks the cashier if she has called the customer to confirm. Cashier says shes already talked to the customer and he confirmed the wire going to China. The President reviews the account, and again asks the cashier if she has called and talked the customer. She again says yes, she talked to him and confirmed it. 17

Decision Point! Based upon the information known now, If you were this banker, would you: 1. Not send the wire 2. Send the wire 18 December 30, 2014 9:00 am The customer from Monday contacts the bank and

reports that $230,000 is missing from his account. He is upset and needs to make month-end payroll. 10:00 am After some investigation management determines that the wire was fraudulent. The bank contacts their correspondent bank to recover the funds but the money has already left the country and it is night time in China. 19

ELOC Bank Group Interaction 3 What Would You Do? A. Activate the Incident Response Plan. B. Notify primary regulator and law enforcement. C. Return the $230,000 to the customers account so they can meet payroll. D. Hire an outside expert to conduct an investigation and forensics analysis.

E. Review insurance coverage. F. Other? 21 Why or Why Not? A. Activate the Incident Response Plan. B. Notify primary regulator and law enforcement. C. Return the $230,000 to the customers account so they can meet payroll. D. Hire an outside expert to conduct an investigation and forensics analysis.

E. Review insurance coverage. F. Other? 22 Exercise Scenario Summary 1. Delayed Audit Action 2. Internet and System Disruption Incident Response testing and updating 3. Fraudulent Wire Transfer Incident Response testing and updating

Wire procedures training Insurance review related to Cybersecurity 23 Executive Leadership of Cybersecurity Culture of Security

Tone from the Top Educate staff & customers Incident Response Plan Realistic Testing of Plans Review Insurance Threat intelligence and collaboration 24

FFIEC.GO V 25

Recently Viewed Presentations