Inside the Collapse of Silicon Valley Bank and Related Challenges for Cybersecurity
March 22, 2023
The recent collapse of Silicon Valley Bank has the potential to provide a fertile ground for many cyber scammers and malicious actors. Though a complete understanding of all the targets of these scams and threats is not yet clear, it is predicted that they could target all types of companies and individuals, including finance, corporate, not-for-profit, and higher education.
Today we take a deeper look into the collapse of Silicon Valley Bank and understand how threat actors can exploit this collapse to launch a multitude of cyberattacks and malicious activity, and the protective measures your institution should take moving forward.
About the Collapse
In recent weeks, Silicon Valley Bank, was shut down by the federal government and the bank’s leadership is under investigation. The events leading up to the shutdown saw a large volume of investors withdrawing significant amounts of funds to ensure the safety of their assets. This mass withdrawal of funds, the loss of stock shares, and other internal issues will have lasting consequences on the US economy and other banks around the world.
Tech companies around the country had their beginnings backed by Silicon Valley Bank or with countless others relying on it for investments and lending. There are even cybersecurity companies (including those that specialize in higher ed tech), have ties with Silicon Valley Bank, causing headaches across all industries.
For many, the future is unstable and despite the losses and the turmoil, the situation will only get worse.
Unfortunately, hackers and malicious threat actors take advantage of vulnerable situations and thrive on chaos and economic disruption. We have already seen an uptick in malicious activity, including email scams and phishing, because of Silicon Valley Bank’s collapse and we expect this continue in the months ahead.
Banks, lenders, and the impacted companies are changing their banking information and then emailing customers to update their files accordingly. This provides a dangerous playing field for malicious attackers who are seizing the opportunity to release a campaign of emails, text messages, phone calls, and more to provide false, or misleading information.
For example, you could receive an email from an assumed business partner, lender, or bank providing you with new routing and account numbers, stating they have moved assets from Silicon Valley Bank. This information may be a scam and the information provided may not be legit. This communication must not be handled carelessly, and each message needs to be verified to prevent unauthorized access, disclosure, and financial fraud.
Security Tips from OculusIT
With the Silicon Valley Bank collapse becoming the paradise for most fraudulent attacks, OculusIT is here with our top tips to help you keep safe in this daunting situation.
Here are a few tips to help prevent individuals from falling victim to scams:
- Never provide information over the phone from someone who has called you, instead, look up the caller’s business and call them directly.
- Voicemails that leave a number to call them back, may also be malicious. Again, look up whom you want to contact and call them directly.
- Do not click on links contained within an email as these could be phony sites made to look legitimate. Instead, use a web browser and navigate directly to the site you want to visit.
- Pay careful attention to the sender of the email and treat every email as a potential phishing attempt.
- Report anything suspicious to your Information Technology or Information Security Department immediately.
Individuals are not the only ones at risk for these scams. Industries across the globe, including higher education, are witnessing these types of attacks. Therefore, institutions should have adequate technical security and administrative safeguards in place to ensure the security of their environments. These safeguards and controls should include:
- 24×7 SIEM monitoring backed by an experienced Security Operations Center to ensure all activities are tracked proactively.
- Should ensure that periodic Vulnerability Assessments and Penetration Testing are performed.
- Risk assessments should guide the information security program and they should be conducted regularly to review the current posture and identify gaps or weaknesses.
- Hardening Standards should be enforced using industry standards.
- Security policies and procedures should be established and maintained accordingly.
Incidents like the Silicon Valley Bank collapse present a significant opportunity for cyberattacks. However, you and your team can make sure that your institution won’t be negatively affected. Knowledge about cybersecurity and deploying the right security strategies and tools is what is needed.
Want to learn more about how your institution can additional security measures effectively manage this emerging situation? Contact us.
About the Author, Brian Cornell
The majority of Brian Cornell’s 20-year technology and cybersecurity leadership career has been spent supporting Higher Education Institutions to develop and mature their information security programs. He has extensive experience providing policy guidance, risk assessments, and strategic planning aimed to protect and secure institutional assets. As Chief Information Security Officer at OculusIT, Brian’s deep knowledge of security frameworks and compliance requirements supports our clients in the improvement and advancement of their security goals and initiatives.