2 min read
Measuring Cybersecurity That Matters: KRIs Every Financial Institution Should Track
For regulators, auditors, and your board, good cybersecurity isn’t just about having controls in place—it’s about proving they work. That’s where...
Incident Response
2 min read
Ransomware Trends in 2025
Back in May 2024, I wrote that there were signs ransomware might finally be on the decline. I have continued to monitor various sources regarding...
1 min read
A Strong Defense Wins Championships—and Protects Your Data
In football, it’s often said that defense wins championships. The same principle applies to information security: the strength of your defensive...
2 min read
Evaluating Incident Risk Severity Levels in Your Incident Response Plan
When a security incident occurs in a financial institution, one of the first and most critical steps is categorization. The speed and accuracy of...
1 min read
The Rising Threat of Deepfake Technology in Cybersecurity
In recent years, cybercriminals have expanded their toolkit beyond phishing emails and malware to include a newer, more sinister threat—deepfake...
2 min read
Incident Response Theater: Are We Just Playing the Role of Preparedness?
The curtain rises. The scene: a quiet sunny day on the teller line.
2 min read
Case Study: GNB Bank
Introduction Here at Bedel Security, we exclusively work with financial institutions to lead and provide strategy for their information security and...
2 min read
Beyond the 36-Hour Rule: Real-World Examples You Might Not Know About
Most community financial institutions are well aware of the 36-hour incident notification rule that went into effect in April 2022. But what’s not...
3 min read
Strengthening Cybersecurity with a Single Source of Truth
In the current cybersecurity landscape, organizations generate and rely on vast amounts of data from various tools, systems, and platforms. Without a...
2 min read
How Financial Institutions Can Get Ahead of 2025 Cybersecurity Exams
If you work in a bank or credit union, you already know the expectations have changed. Regulators aren’t just asking whether you have cybersecurity...