Ransomware, Phishing, and Email Compromise: Is Your Incident Response Plan Ready

Phishing, Business Email Compromise, and Ransomware are among the biggest concerns and examination focus areas for 2022. Having an incident response plan is not a suggestion; it is a requirement. Security breaches are real and inevitable, not to mention increasing every day. Does your Plan provide a framework for an effective and timely response?

Recorded Tuesday, August 22nd, 2023
Presented by Susan Orr
$279.00 or 1 Token

Includes: 30 Days OnDemand Playback, Presenter Materials and Handouts

  • Information Technology/Security
  • Management/Employee Development
  • Risk Management/Legal
  • Commercial Lender
  • Deposit Operations Manager/Specialist
  • Internal Auditor
  • IT Professional
  • Privacy Officer/Information Security Professional
  • Risk Manager
  • Security Officer
  • Senior Management
  • Trainer

When it comes to a security event or breach, it isn’t a matter of “if” but “when”. No one is immune; no one is 100% secure. Any breach, regardless of type or size, can be potentially devastating, and the catalysts for breaches continue to emerge and intensify. 2021 is said to have been a breakout year for ransomware as the cybersecurity attack vector of choice, affecting all industries and even single individuals. We now have Ransomware as a Service (RaaS), a pay-for-use malware. The third quarter of 2021 saw an unprecedented surge of unique phishing websites, an increase of over 400 thousand. And if all that isn’t enough, business email compromise (BEC), another damaging form of cybercrime, has exploded on the scene. The outcome of an attack can result in huge financial losses, but that isn’t the only concern: what about reputation risk?

Financial institutions are particularly vulnerable by the very nature of the business. You have information that thieves want, information they can parlay into cold hard cash, if not the cash itself. Your incident response plan should provide confidence that you have the right personnel and procedures in place to respond effectively and promptly to a security breach. And if that isn’t enough, the financial services industry is mandated to implement security controls and a framework for identifying potential risks, monitoring for and detecting unauthorized access, mitigating the outcome, effectively responding to the event, and notifying customers, law enforcement, and regulators when it does happen. Be sure that examiners will be looking at your Plan.

The incident response plan shouldn’t be just a checklist. You need well-thought-out detailed procedures/response steps that have been practiced and tested to ensure you are as prepared as you can be when a security breach happens.

What You'll Learn

  • Is there a Regulatory requirement for having a plan?
  • What guidance, alerts, and bulletins are there surrounding incident response?
  • Roles and responsibilities, who is responsible?
  • What type of things would represent a breach or event?
  • What are the key elements of a Plan?
  • Do we really need a Plan if we outsource IT?
  • We have a disaster recovery plan, isn't that the same thing?

Who Should Attend

Senior management, Audit, Compliance, Risk Management, IT Committee, IT Officers, Information/Cyber Security Officers, Operations Officers, and anyone interested in developing the IRP.

Susan Orr

Instructor Bio

Susan Orr is a leading financial services expert with vast regulatory, risk management, and security best practice knowledge and expertise.

As an auditor and consultant, Susan is dedicated to assisting financial institutions in implementing appropriate policies and controls to protect confidential information and comply with regulatory mandates and best practices. Her expertise as an auditor and former examiner provides her the knowledge and expertise to conduct comprehensive IT general control and data security reviews and assist de novo institutions in the vendor selection process, preparing policies and procedures, and instituting controls. She also consults for numerous security providers and vendors helping them align products and services to meet institution regulatory mandates. Susan is a Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), and Certified Risk Professional (CRP).