-
A long-awaited bill to enhance cybersecurity information sharing has taken a major step forward.
March 26 -
At a recent conference, industry leaders including Pawlenty of the Financial Services Roundtable and Ellen Richey of Visa spoke of the security basics banks still overlook.
March 30 -
Hackers in several financial services industry data breaches targeted customer-contact information that is often thought of as less sensitive. But crooks can use that data and other bits of stolen info to do great harm.
February 10
The Federal Financial Institutions Examination Council issued two warnings today against cyberattacks on financial institutions and suggested ways banks can prepare for new onslaughts.
According to the group of government agencies, cyberattacks have increased in both frequency and severity the last two years. Cyber criminals can use stolen credentials to commit fraud or identity theft, modify and disrupt information systems, and obtain, destroy, or corrupt data, the regulators pointed out. Also, cyber criminals often introduce malware to business systems through e-mail attachments, by connecting infected external devices, such as USB drives, to computers or networks, or by introducing the malware directly onto the business systems using compromised credentials.
According to the FFIEC, financial institutions should:
- Securely configure systems and services;
- Review, update, and test incident response and business continuity plans;
- Conduct ongoing information security risk assessments;
- Perform security monitoring, prevention, and risk mitigation;
- Protect against unauthorized access;
- Implement and test controls around critical systems regularly;
- Enhance information security awareness and training programs; and
- Participate in industry information-sharing forums, such as the Financial Services Information Sharing and Analysis Center.