InfoBytes Blog

Financial Services Law Insights and Observations

FFIEC Releases Statements on How Financial Institutions Can Identify and Mitigate Cyber Attacks

FFIEC Privacy/Cyber Risk & Data Security

Privacy, Cyber Risk & Data Security

On March 30, the FFIEC announced two separate statements regarding cyber attacks at financial institutions: Statement on Destructive Malware and Statement on Compromising Credentials. The statements come in light of the growing number of attacks within the past two years and outline how financial institutions can ensure that the risk management processes and business continuity planning in place are sufficient for mitigating attacks and recovering from attacks that do occur. Noting the FFIEC’s existing guidelines for financial institutions, the statements include, but are not limited to, reminders to do the following: (i) securely configure systems and services; (ii) improve information security awareness and training programs; (iii) protect against unauthorized access to systems; (iv) participate in information-sharing forums; and (v) continually conduct information security risk assessments.