Russia’s 2022 invasion of Ukraine has conjured worries of global cyber hostilities that could reach any internet-connected device or system — from the one you’re using right now to those powering an organization you may own, work for, or rely on for warmth and sustenance.
While such outcomes may seem exaggerated, a renewed sense of unease stemming from the conflict is palpable, especially for organizations with cloud-based or cloud-adjacent business models.
To address this concern, we’ll shed light on ways to avoid and withstand cybersecurity breaches, and explain why TurnKey Lender’s clients — a globe-spanning roster that includes community banks and credit unions as well as retail, medical, and B2B lenders — are in particularly good hands right now.
But first, wanted to check if you (or your staff) would like this brochure with TurnKey Lender Platform reviews from IDC, Gartner, Deloitte and others.
Brass tacks on cybersecurity in digital lending
While renewed hostilities in Eastern Europe have led to “talk of computer-systems security, cyberattacks have been on the rise around the globe in recent years,” says Dmitry Voronenko, CEO and co-founder of TurnKey Lender. “According to IBM, when attacked, it costs the average business $3.9 million, and — maybe more frightening — it takes more than 200 days on average to understand that an attack has even occurred.”
Ascend Technologies, an IT consultancy, provides a view of cybercrime’s impacts that hit home for many small to medium-size business owners.
- Mass-market antivirus software solutions are only 43% effective against attacks
- Nearly 70% of small and mid-size organizations cease operations within six months of a cyberattack
- 91% of breaches start with an email
- 4,000 ransom attacks occur every day
“These hazards have been in sight since the earliest days of the internet”, says Voronenko. “The fact that more people are aware of them is a good thing, and an aid to the digital transformation that’s reshaping and improving how we all do business with each other.”
Adds Voronenko: “Where there’s reward, there’s also risk, and risk can be managed.”
Fear of hostile cyber operatives sabotaging power grids or stifling economies is fueled by recent history. In 2015 and in 2017, those scenarios played out in Ukraine following open hostilities in 2014. Now, with Russian ground and air forces moving to bisect the country, Ukraine is again beset by crippling malware and denial-of-service attacks emanating from its neighbor to the north.
Homeland Security weighs in
The longer the conflict continues, the likelier bad actors are to make cyber trouble in jurisdictions even vaguely supportive of Ukrainian resistance, according to US authorities.
“Every organization, large and small, must be prepared to respond to disruptive cyber activity,” the Department of Homeland Security’s cybersecurity unit says in an unusual “Shields Up” warning about “Russian cyber threats” to “every organization, large and small,” that it issued in late February 2022.
DHS’s Cybersecurity & Infrastructure Security Agency admonishes “all organizations” — apparently without reference to jurisdiction — to “adopt a heightened posture when it comes to cybersecurity and protecting their most critical assets.” To this end, the agency makes the following recommendations.
To reduce the likelihood of a damaging cyber intrusion:
- Require multi-factor authentication for access to network and administrative functionality
- Prioritize software updates that address vulnerabilities identified by DHS
- Disable all nonessential ports and protocols
- Review and implement enhanced controls per DHS guidance (especially cloud-service users)
- Register for CISA’s free cyber hygiene services
To ensure responsiveness if an intrusion occurs:
- Designate a crisis-response team with designated responsibilities (such as technology, communications, continuity) for cybersecurity incidents
- Assure availability of key personnel
- Identify means to provide surge support for responding to an incident.
- Ensure that all participants understand their roles in the event of an incident by means of “tabletop exercises”
To maximize resilience to a destructive cyber incident:
- Test backup procedures to ensure that critical data can be rapidly restored
- Ensure that backups are isolated from network connections
- Stress test manual controls to ensure that critical functions remain operable
While many clients of TurnKey Lender — which boasts nearly a dozen international security certifications, including the coveted SOC 2 Types I & II — use cloud-based versions of its lending software, the company also provides server-based versions of its modular platform that some organizations prefer.
But one version isn’t significantly more secure than another. Remember: more than 90% of cyber breaches gain entree via company email accounts — and you’d be hard-pressed to find many organizations that don’t assign email accounts to staff members. As a result, nearly every company out there is just an absent-minded click away from a potentially crippling malware attack.
SaaS providers have to lead the way
Email isn’t the only leveler when it comes to security for cloud- versus server-based computing. Cloud-based software-as-a-service providers (like TurnKey Lender) are constrained to lead the way in cyber-readiness as a matter of competitive necessity.
Unlike lenders that use their own technology — or turn to fintechs, banks, or other providers with relatively static platforms — companies that provide lending capabilities as a cloud service must provide the most complete and up-to-date security infrastructure, with updates and stress tests a matter of almost daily routine. This makes the risk of cloud-based platforms being out-of-date when faced with new threats considerably lower to TurnKey Lender’s clients and their customers.
“To combat sophisticated hackers, lenders should be armed with the latest fraud-prevention technologies available,” says TurnKey Lender’s Voronenko.
“This goes past no-brainers like maintaining current and applicable versions of anti-money-laundering and know-your-customer rules, and providing watchlists for blacklisted customers and other security hard-stops, to ensuring that information is protected from breach, loss, or damage while maintaining an efficient work environment for everybody involved.”
