State regulators, in collaboration with the Bankers' Electronic Crimes Taskforce and the U.S. Secret Service, this week released an updated Ransomware Self-Assessment Tool (R-SAT) for banks to help mitigate new risks associated with ransomware attacks and identify security gaps.

The new version updates the R-SAT originally released in 2020 due to evolutions in the ransomware threat environment, bad actor tactics and changes in bank environments and controls. The revised R-SAT incorporates insights from cybersecurity experts, feedback from financial institutions and lessons learned from analyzing real-life ransomware attacks.

While financial institutions may have good cybersecurity practices in place, rapid advancements in ransomware techniques and the potentially devastating consequences of a successful attack require every financial institution to review and update their ransomware-specific controls. The updated R-SAT places an increased emphasis on topics such as multi-factor authentication, employee awareness and security training, cloud-based systems or activities, and the identification of control risks that have not been mitigated to an acceptable risk level.

An industry-wide webinar hosted by the Conference of State Bank Supervisors briefed bankers on the updated tool, covering the specific changes to the R-SAT, research and insights from the industry that led to these changes and how banks can most effectively leverage the tool to protect their institution and customers.

State regulators continue to be proactive and adaptive to the needs of the diverse banking system. Updates to the R-SAT 2.0 are yet another example of state regulators empowering their institutions with the tools to ensure our financial system remains safe, sound and resilient.

Visit www.csbs.org/ransomware-self-assessment-tool for more information on the R-SAT 2.0 and how to implement it at your institution.