OFFICIAL PUBLICATION OF THE PENNSYLVANIA ASSOCIATION OF COMMUNITY BANKERS

Pub. 3 2021 Issue 3

At the Annual Stockholders’ Meeting in May 2021, Ralph J. Sommers, Jr. will retire from the Board of Directors after serving Community Bank for 42 years. Following a stint in the United States Marine Corps, Ralph started his banking career in 1959 with Pittsburgh National Bank. He joined the First National Bank of Carmichaels in 1979 as Executive Vice President. In 1980, the First National Bank of Carmichaels had three offices, all in Greene County, and boasted footings of approximately $40 million. Ralph joined the Board of Directors of the First National Bank of Carmichaels in 1983. He became President & CEO in 1984 and Chairman of the Board in 1999 and held that position until 2019. He retired as Chairman in 2019 but remained as a director. When Ralph retires in 2021, he will have served in crucial leadership positions at Community Bank for an amazing 42 years.

During the 42 years of his leadership, the Bank grew, changed, and prospered in many ways. One of his first decisions was to prepare the Bank for the future, so, in 1987, the First National Bank of Carmichaels changed its name to Community Bank, with much fanfare. This decision was a harbinger of his determination to build the Bank beyond Greene County. Ralph spearheaded the Bank’s expansion into Washington County. After opening an office in Washington in 1987, other offices followed in McMurray in 1994, Claysville in 1996 and the Southpointe Office in 2000. Then, in 2004, Community Bank expanded into the Allegheny County markets of Brookline and Brentwood. In 2008, a new Washington Office was constructed.

But much more was underway than adding branches. Ralph led the Bank in its conversion from a federally regulated bank to a state-regulated bank in 2006. During his tenure as Chairman, in 2014, the Bank acquired First Federal Savings Bank and its subsidiary, Exchange Underwriters, an insurance agency. This added five offices, and the Bank’s assets grew to $850 million. At this time, the Bank also formed its holding company, CB Financial Services, Inc., registered with the SEC, and started to trade on NASDAQ. We welcomed Progressive Bank to the family in 2018, bringing the Bank to 24 branch offices and $1.3 billion in assets. Ralph was Chairman during the construction of the Ralph J. Sommers, Jr. Operations Center in the EverGreene Technology Park in Waynesburg, PA and the construction of the Barron P. (“Pat”) McCune, Jr. Corporate Center in Washington, PA. These facilities provided the Bank with modern, appropriate housing for the ever-growing financial company.

Ralph was also very active in his community, serving as President of the Chamber of Commerce, on the local hospital board, and as the long-time Chairman of the Greene County Industrial Developments, Inc., among many other endeavors. In 2010, he was inducted into the Pennsylvania Association of Community Bankers’ Hall of Fame.

All of Ralph’s friends readily give credit to Ralph’s beautiful family for much of his success. He has been married to his high school sweetheart and wonderful wife, Betty, for 61 years. They have three children, Brian, Lisa, and LeAnna, seven grandchildren, and three great-grandchildren. Ralph’s family is a constant source of pride and comfort for Ralph and undoubtedly has helped him through the many triumphs and tough times mentioned.

Community Bank grew 35-fold over 42 years and adapted through all the vagaries of life to emerge today as one of the premier independent “community banks” in the mid-Atlantic region, thanks to Ralph’s leadership. The Community Bank family was always grateful for Ralph’s cool head, common sense, and courage in tough times. Thank you, Ralph J. Sommers, Jr., and may you enjoy your well-earned retirement with your family!

Strengthening Your Defenses Against Emerging Cyber Threats

Over the past year, cybercriminals have proven they are adept at taking advantage of the vulnerabilities stemming from changing work environments and increased usage of digital channels. As institutions continue navigating the risks and challenges of remote workforces, it is imperative to stay informed of existing and emerging cybercrime trends. A variety of scams have made recent news, many of which opportunistically seize upon pandemic-related topics. Your institution must be prepared to recognize and mitigate evolving cyber threats, including:
  • Social Engineering: We’ve seen a stark increase in social engineering campaigns as cybercriminals leverage the hardships of the pandemic, including increased levels of stress among employees. Many of these campaigns masquerade as being related to stimulus checks, unemployment benefits, or even vaccines. CSI’s 2021 Banking Priorities Executive Report revealed more than 80% of bankers identified some form of social engineering as the top cybersecurity threat of 2021.
  • Ransomware: Once installed, ransomware locks out the authorized user and encrypts the available data to hold for ransom. Since ransomware attacks pose little risk to the hacker, provide a speedy payout for criminals, and are perpetrated with relative ease and anonymity, institutions should remain on high alert to identify and combat these attacks. Ransomware can be crippling for institutions, especially if regular data backups are not maintained. Because this type of malware continues to be an attractive method of extortion, incidents of ransomware are growing — along with the maliciousness and sophistication of attacks.
  • Increased Surface Area for Attacks: Due to the size of today’s remote workforce, attackers are targeting home networks — which are typically much weaker than in-office networks — to gain access to corporate data. Employees’ personal devices are also often targeted, providing attackers with a base to operate from within home networks and allowing them to monitor or intercept secure traffic.
  • Credential Stuffing Attacks: In this type of attack, botnets conduct brute-force password attacks using compiled lists of stolen credentials against login interfaces. Recently, the FBI reported that credential stuffing accounted for 41% of financial sector cyberattacks.
  • Point of Sale (POS) Skim Attacks: POS skim attacks occur when a criminal copies card payment information using POS processing devices, which are used everywhere from ATMs to gas station pumps. Despite the massive transition to e-commerce during the pandemic, these types of attacks have continued as criminals use digital skimmers to steal payment information from e-commerce websites.
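
The credential stuffing pattern described in the list above (compiled lists of stolen credentials replayed against a login interface) shows up in authentication logs as one source trying many distinct accounts in a short time and failing most of them. The following detection sketch is an added example, not part of the original article; the event fields, thresholds and sample events are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, source IP, username, login succeeded).
SAMPLE_EVENTS = [
    ("2021-03-01T09:00:01", "203.0.113.7", "asmith", False),
    ("2021-03-01T09:00:02", "203.0.113.7", "bjones", False),
    ("2021-03-01T09:00:03", "203.0.113.7", "cwu", False),
    ("2021-03-01T09:00:04", "203.0.113.7", "dlee", True),
    ("2021-03-01T09:00:05", "203.0.113.7", "egarcia", False),
    ("2021-03-01T09:00:06", "203.0.113.7", "fkhan", False),
    ("2021-03-01T09:01:10", "198.51.100.20", "gpatel", False),  # forgotten password
    ("2021-03-01T09:01:25", "198.51.100.20", "gpatel", False),
    ("2021-03-01T09:01:50", "198.51.100.20", "gpatel", True),
    ("2021-03-01T09:02:00", "192.0.2.55", "hnguyen", True),     # shared office IP
    ("2021-03-01T09:03:00", "192.0.2.55", "imoore", True),
]

def detect_credential_stuffing(events, window=timedelta(minutes=5),
                               min_accounts=5, min_failure_ratio=0.8):
    """Flag sources that try many distinct accounts inside one sliding
    window and fail most attempts. Thresholds are illustrative assumptions."""
    by_ip = defaultdict(list)
    for ts, ip, user, ok in events:
        by_ip[ip].append((datetime.fromisoformat(ts), user, ok))
    findings = {}
    for ip, rows in by_ip.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            # Shrink the window until it spans at most `window` of time.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            chunk = rows[start:end + 1]
            users = {u for _, u, _ in chunk}
            failures = sum(1 for _, _, ok in chunk if not ok)
            best = findings.get(ip)
            if (len(users) >= min_accounts
                    and failures / len(chunk) >= min_failure_ratio
                    and (best is None or len(users) > best["accounts"])):
                # A success inside a flagged window is a likely account takeover.
                findings[ip] = {"accounts": len(users), "failures": failures,
                                "compromised": sorted(u for _, u, ok in chunk if ok)}
    return findings

if __name__ == "__main__":
    print(detect_credential_stuffing(SAMPLE_EVENTS))
```

Accounts listed under `compromised` logged in successfully during a flagged burst and are candidates for a forced password reset and session review.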

Emerging Cybercrime Trends for 2021

Although the threats discussed above indeed pose a risk to financial institutions and other organizations, there are several emerging cyber threats to consider as well. Institutions must stay vigilant, especially as many employees continue working remotely.
  • Supply Chain Attacks: This attack occurs when a bad actor targets a software vendor to deliver malicious code through seemingly legitimate products or updates. The recent SolarWinds breach is an example of a supply chain attack, which is becoming an increasingly popular method to distribute malware.
  • Virtual Private Network (VPN) Attacks: As remote work becomes the norm for many organizations, cybercriminals will likely continue VPN attacks in an attempt to gain access to corporate networks and data. Many home networks do not have proper passwords set up or lack security protocols, presenting vulnerabilities for criminals to target.
  • Cloud-Based Attacks: Many organizations are migrating more of their infrastructure to the cloud, prompting cybercriminals to shift more of their efforts to cloud-based attacks. Institutions must ensure their cloud infrastructure is securely configured to prevent harmful breaches.

Strengthening Security for Your Institution

Financial institutions should consider the following strategies to protect their networks and customers while strengthening their cybersecurity posture.
  • Create Stronger Passwords: Institutions should enforce stronger password requirements for employees and customers to prevent unauthorized account access. Many organizations previously recommended 8-character, frequently changed passwords, but current best practices dictate using passwords consisting of 14 characters or more and changing them once per year or as needed.
  • Utilize Multi-Factor Authentication (MFA): True MFA — not just double passwords — should be used whenever possible. With MFA, multiple authentication factors are required to verify a user’s identity. This verification strengthens resiliency and prevents fraudsters from accessing an account solely by obtaining or cracking a password.
  • Enhance Employee Education: Your institution should enhance employee and customer education efforts. Instead of one annual training, provide frequent information that delivers both basic security principles and news about timely issues. Focused training is also recommended based upon an employee’s responsibilities and access rights. Employee education will also reinforce proper online conduct and normalize communicating with IT after encountering a potentially malicious link or other risk.
  • Secure Internet Access: It is critical to ensure proper network security for employee VPNs and their home networks. Encourage employees to use high-quality routers with strong network passwords, run current security protocols, and install up-to-date virus and malware protection on personal and corporate devices. Your institution should also review your policies for VPN access and removal, acceptable use of business devices, and any other relevant corporate policies.

Facing Future Cyber Threats

As your institution navigates this new landscape, ensure the proper security controls are in place to enhance your risk mitigation and stay one step ahead of emerging cyber threats.

Tyler Leet serves as director of Risk and Compliance Services for CSI’s Regulatory Compliance Group.
