CSBS Updates Ransomware Self-Assessment Tool in Response to Enhanced Threats
On October 24th, 2023 the Conference of State Bank Supervisors (CSBS) released a webinar outlining their updates to the Ransomware Self-Assessment Tool (R-SAT) detailing today’s ransomware threat environment, the risk to the financial sector, and why changes were made to the R-SAT. Speakers included Commissioner Charles Cooper of the Texas Department of Banking, Phillip Hinkle of the Texas Department of Banking, Robert Kahl of the FDIC, Christopher Furlow of the Texas Bankers Association, Brad Robinson of the CSBS, and Mary Quist of the CSBS.
Ransomware Self-Assessment Tool – What is it?
In case you didn’t know, the R-SAT is a resource created from the Bankers Electronic Crimes Taskforce, state bank regulators, and the United States Secret Service to “help financial institutions periodically assess their efforts to mitigate risks associated with ransomware and identify gaps for increasing security,” according to the R-SAT Purpose Description.
Essentially, this tool allows an organization to check and verify they are following all of the best security practices to help reduce the risk of ransomware. This can be done regularly on an organization’s own time, and it compliments things such as vulnerability assessments, penetration tests, and audits.
Important Updates to R-SAT
While many of the core elements of the R-SAT are the same, they have expanded the questionnaire from 16 to 20 questions and included emphasis within some critical areas. Below are a few key changes we agree are big game changers on how you view security within your organization:
- Increased emphasis on multi-factor authentication (MFA).
Before, MFA was a subsection of the R-SAT. They have now expanded it to its own question (question 13) and emphasized key components on where it should be used at a minimum.
Request a Consult
- Security Awareness Training for employees has an increased emphasis.
The assessment tool now focuses more on the quality and quantity of security training for employees by adding in a question on frequency and whether the organization utilizes phishing tests on a quarterly basis. They also ask if the organization is providing emerging ransomware threats and news to keep everyone aware. - Expansion for checks on cloud-based environments.
Throughout the assessment, there has been an increase in detail regarding cloud-based environments for authentication, data validation, and even backup controls. - Incident Response Planning.
Not only do they update wording and processes to match the latest needs in cyber controls, but they include alternative strategies with regard to third party involvement ranging from media representation, escalation procedures, threat hunting, and more. - Third Party Engagement.
Last but not least, they also added some emphasis and checks regarding organizations that use outside partners to complete their service portfolio. New questions about response procedures and scope of how a third party may be involved (question 18) or if you utilize an existing pre-approved third party in the event of a ransomware attack (question 19). A sub question for this that is very important asks, “Are any such third parties pre-approved by the bank’s cyber insurance provider?”
A Successful Update to a Great Resource
Here at Lasco, we are pleased to see further development of this assessment tool. There have been a great number of advancements on how ransomware can be distributed, and it only gets easier for threat actors. With these changes and vigilance on security we can continue to defend against the next cyber incident in our organizations.
If you would like to watch the webinar, you can see it here: https://youtu.be/lMZgpJ1fF_A?si=Hl90jfJB_j9M_EVC
Check out the updated assessment tool here: https://www.csbs.org/ransomware-self-assessment-tool
Don’t forget, we can help you through the changes of this assessment tool and many tools like it! Connect us by filling out the form above or find out more information on our Cyberecurity and Compliance page.