The recent devastating events that led to the closure of Silicon Valley Bank will most likely have compounding effects on their clients. Even before these recent events, SVB’s tech clients were already prime candidates for cyberattacks. This is due to the combination of sensitive private information and intellectual property that they hold, as well as their abundant use of technological products and services that increase their attack surfaces.
The new reality that SVB’s customers woke up to on March 10 will likely increase their cyber risk. Anticipating their state of uncertainty and reduced funding, attackers will be on the lookout for companies affected by the SVB demise and will be targeting them in the weeks and months ahead.
The difficulties tech companies face in light of these events can be broken down into five categories which sum up the ripple effect of chaos on the security of an organization.
1. Insider Threats
Shrinking budgets and job uncertainty are in the immediate future for many of SVB’s clients. The drop in employee satisfaction and job security could lead to some potentially damaging behaviors. If salaries or benefits are affected, these companies may discover insider threats in the form of disgruntled employees who could exploit sensitive private information locked in the companies’ systems.
2. Infrastructure Disruptions
A bank’s unexpected shutdown inevitably causes infrastructure disruptions that impact clients and organizations reliant on the bank’s services. For example, if a bank’s digital payment platform is down, this will impact businesses’ ability to process payments. This type of damage to business continuity will serve as an entry point for cybercriminals waiting to strike in the aftermath of SVB’s closure.
3. Lack of Regulatory Compliance
SVB’s exit from the finance arena may mean that its clients and other entities involved with it will no longer comply with regulatory requirements related to their financing. The situation could be exacerbated because SVB customers could very well be forced to reduce staff, which means that it will be harder for these companies to have the necessary resources to adequately comply with regulations.
4. Rise in Cyber Insurance Rates
In the coming weeks, SVB’s former clients may be required to reapply for their cyber insurance, receive new policies with various changes to their coverage, and will likely see their premium prices rise. Unfortunately, combined with their dwindling budgets, the rise in insurance costs may price out tech companies affected by SVB’s going out of business.
5. Reputational Damage
Silicon Valley Bank’s demise has a resounding effect on the companies associated with it. For early-stage startups and young companies just earning their customers’ trust, being financed by SVB may raise a red flag and cause clients to question their trust in the company. This potential hysteria is true for investors as well and may lead to fewer investment opportunities until the dust settles.
Difficulties Lead to Increased Cyber Risk
The five potential outcomes of the SVB situation have put the bank’s clients and the greater tech community at increased risk of cyberattack. Attackers will likely focus their efforts on startups’ finance teams and leverage the current climate of uncertainty in the banking sector that is affecting finance departments across the board.
Under such conditions, these are the types of attacks malicious actors are likely to attempt:
- Phishing attacks may be used because they can be effective in times of uncertainty, when employees are more susceptible to slipups. These will take the form of impersonating company officials or bank officials and may look like an attempt to help finance departments execute banking tasks.
- Business email compromise (BEC) campaigns that involve impersonating executives or other trusted individuals in an organization may be used by attackers to trick employees into making fraudulent payments or revealing sensitive information.
- Fake social media accounts may also spring up across different platforms to lure in employees and get them to disclose personal information.
Next Steps
SVB’s clients which now face added security risks and tech companies affected by the bank abruptly going out of business will need to adjust their security practices with these considerations in mind:
- With malicious actors targeting SVB-affected entities, businesses should remain vigilant and proactive in their approach to cybersecurity, and work with trusted partners to help manage their risk.
- With less money to spend on security tools, companies should invest in security providers that cater to their security processes and procedures.
- With smaller security teams and fewer people allocated to security tasks, businesses should put their money into solutions that help them prioritize their risks.
- With management dealing with the loss of a creditor, investors pulling out and other business critical issues, companies should invest in a security solution that simplifies the risk landscape and helps make clear, accurate and immediate security decisions.
- Companies should ease the uncertainty felt in their ecosystems by communicating the effects of the SVB situation to their customers and employees and sharing the company’s course of action at this time.
Want to learn more about how to protect your organization from cyber threats? Contact us.