WASHINGTON — Federal regulators issued a statement Tuesday reminding banks how they can protect themselves from cyberattacks.
"In light of recent cyber attacks," financial institutions should "actively manage the risks associated with interbank messaging and wholesale payment networks," the Federal Financial Institutions Examinations Council said.
The document, which lists a series of critical steps banks should take to protect themselves and consumers, comes after revelations that the payments messaging system Swift had been used by hackers in an attempt to retrieve close to $1 billion from Bangladesh's central bank in February. More banks were later identified as targets of hackers through the Swift network.
-
The drumbeat of news about hackers stealing millions of dollars by gaming the Swift interbank messaging system should have been a wake-up call for banking executives, but it's unclear how many of them answered it. Is it too late for them to shore up their defenses?
June 1 -
A recent spate of breaches on Asian banks that allowed hackers access to the Swift network have resulted in finger pointing, and some calls for creating a new, more secure network. But the issues faced by Swift would likely be the same with any replacement network.
May 29 -
The rub is that the global messaging system's security is only as strong as the weakest link.
May 13
This has already led some large and regional banks,
In its statement, the FFIEC highlighted "specific risk mitigation techniques related to cyber attacks exploiting vulnerabilities and unauthorized entry through trusted client terminals running messaging and payment networks."
Financial institutions should take the following measures, the FFIEC said:
- Conduct ongoing information security risk assessments
- Perform security monitoring, prevention, and risk mitigation
- Protect against unauthorized access
- Implement and test controls around critical systems regularly
- Manage business continuity risk
- Enhance information security awareness and training programs
- Participate in industry information-sharing forums
The FFIEC's letter was issued on behalf of its members — representatives of the Federal Reserve Board, the Federal Deposit Insurance Corp., the Consumer Financial Protection Bureau, the National Credit Union Administration, the Office of the Comptroller of the Currency and the State Liaison Committee.
