FFIEC Issues Cyber Attack Guidance
On March 30, 2015, the Federal Financial Institutions Examination Council (FFIEC) released two statements responding to growing cybersecurity threats within the financial sector. The statements address cyber attacks that compromise credentials or use destructive malware. FFIEC has observed an increasing number of cyber attacks that capture client, employee or third party vendor information used to verify their identify. There is also an increasing number of cyber attacks that infect a user’s device with viral software.
The two statements offer guidance for financial institutions. Specifically, the FFIEC encourages firms to securely configure systems, review incident response plans, undertake risk assessments, monitor security, protect against unauthorized users, enhance training and engage in industry information sharing.
- FFIEC Press Release: http://www.ffiec.gov/press/pr033015.htm
- FFIEC Statement on Destructive Malware: http://www.ffiec.gov/press/pr033015.htm
- FFIEC Statement on Compromising Credentials http://www.ffiec.gov/press/pr033015.htm