📰 A Guide for Community Banks | Tuesday Times | May 7, 2024

Joses Member Posts: 68 admin
edited May 13 in General Community

What is Tuesday Times?

Tuesday Times is a weekly Tuesday series where we highlight a handful of recent cybersecurity-related news stories. We'll provide brief summaries of these news stories and link the articles directly, should you want to read more!

Feel free to comment on any of the articles highlighted, or share your own in the comments below!

A Guide for Community Banks | Tuesday Times | May 7, 2024

Agencies Issue Guide to Assist Community Banks to Develop and Implement Third-Party Risk Management Practices

  • On May 3, 2024, a group of federal bank regulatory agencies consisting of the Federal Deposit Insurance Corporation (FDIC), the Office of the Comptroller of the Currency (OCC), and the Board of Governors of the Federal Reserve System (FRB) published a guide for community banks.
  • As community banks increase their engagement with third parties, new risks are introduced. It's crucial that these banks "appropriately identify, assess, monitor, and control these risks and ensure that activities are performed in a safe and sound manner and in compliance with applicable laws and regulations."
  • While the use of the Third-Party Risk Management Guide is voluntary, these agencies hope that it will act as a resource for banks of any size that are looking to improve their current third-party risk management practices.

Ransomware Payments Decline, Yet Risk Looms Large: Threat Report

  • With technology advancing faster than ever, it's imperative to stay on top of common trends hackers use to gain access to private systems and perform complex cyberattacks.
  • Deloitte's threat report showcases emerging threat trends to help companies with their cyber risk mitigation strategies. The main trends described in this report include ransomware, AI-powered phishing, unauthorized access, and malware.
  • Some notable details in the report include: "In 2023, more than 8.2 billion records were breached across all industries, with an average cost of $4.45 million" and "Abuse of valid credentials in 2023 accounted for 44.7% of all data breaches, up from 41.6% in 2022."

Dropbox Warns Hacker Accessed Customer Passwords and 2FA Data

  • On April 24, 2024, a hacker gained access to the Dropbox Sign production environment, including customer information. This customer information includes "email addresses, usernames, phone numbers and hashed passwords, in addition to general account settings and certain authentication information."
  • Dropbox has reportedly reached out to all impacted users and has "reset users’ passwords, logged users out of any devices they had connected to Dropbox Sign, and is coordinating the rotation of all API keys and OAuth tokens."
  • There is no evidence of access to customer documents or agreements, and Dropbox believes this incident was isolated to Dropbox Sign infrastructure. To read Dropbox's full statement, please click here.