Threat Intelligence Blog

Posted November 10, 2014

 

FFIEC

As Cybersecurity Awareness Month wrapped up last week, we wrote about how big banks are encouraging law firms and third-party vendors to close the gaps in their security programs to avoid being targets of cyber criminals. We also noted how the Federal Financial Institutions Examination Council (FFIEC) suggested that small banks in particular take steps to reduce the risk of DDoS attacks.

After assessing potential security gaps in 500 community banking institutions (defined as those having $1 billion or less in assets), the FFIEC is now updating its Cybersecurity Guidance.

The update makes the following recommendations:

  • Engage your board of directors and senior management to ensure they understand cybersecurity risks;
  • Include cybersecurity issues in meetings;
  • Maintain situational awareness of threats and vulnerabilities throughout the organization;
  • Establish and maintain a dynamic control environment;
  • Manage connections with and to third parties; and
  • Develop and test business continuity and disaster recovery plans that incorporate cyber-incident scenarios.

In addition to the updated guidance, the FFIEC stressed the importance of community banks maintaining their situational awareness through information-sharing forums such as FS-ISAC. As Avivah Litan from Gartner noted, “Collaboration and sharing threat intelligence greatly increases the chances individual banks have of mitigating risk. The criminals typically attack multiple financial institutions using the same techniques, attack servers and malware. The bad guys are definitely collaborating and cross-pollinating – and so should the good guys.”

Besides information sharing, the November 3 statement also discusses the need for cybersecurity preparedness and incident management. No matter the size of the bank or the type of third-party vendor working with banks, regulatory organizations are stressing the need for tighter cybersecurity measures.

 
