FFIEC Issues Joint Statement Regarding Cyber Attacks Involving Extortion

OCC FFIEC Risk Management Privacy/Cyber Risk & Data Security

On November 3, the FFIEC issued a statement notifying financial institutions of the increasing frequency and severity of cyber attacks involving extortion. The joint statement urges financial institutions to take steps to ensure effective risk management programs, including but not limited to the following: (i) conducting ongoing information security risk assessments; (ii) performing security monitoring, prevention, and risk mitigation; (iii) implementing and regularly testing controls around critical systems; and (iv) participating in industry information-sharing forums. The statement identifies resources financial institutions can refer to for assistance in mitigating cyber attacks involving extortion.

The OCC also published a bulletin alerting all OCC-supervised institutions of the FFIEC’s joint statement.