By Jim Baird
Incident Response Plans (IRP) have been expected by banking regulators for years. But with the ever-increasing threats of cybercrime, malware, breaches, ransomware and other cyber threats, the expectations have morphed into having a far more robust, comprehensive, cyber-ready and tested IRP. Further, the Federal Financial Institutions Examination Council’s Cybersecurity Assessment Tool devotes an entire domain to the topic (Domain 5: Cyber Incident Management and Resilience).
By Jim Baird
By Charles Cheatham
Today, bankers have more technology and more technology vendors providing services and support to their banks than ever before. Using third-party vendors can allow banks to reduce risk, control costs and focus more efficiently on achieving strategic goals.
By Stephanie Chaumont
As a security consultant, I have spent time talking with management and members of the boards of directors at several institutions. And I can tell you that they run the gamut of security-mindedness and technology knowledge. I have met directors who want to know what’s going on in the IT department and are well-versed in information security and cybersecurity threats; there are others who want nothing to do with anything IT-related. But board members now have an excellent resource to improve their knowledge: Overview for Chief Executive Officers and Boards of Directors, released last year with the Federal Financial Institutions Examination Council’s Cybersecurity Assessment Tool.
By Tom Hinkel
Cybersecurity has become a topic of interest to every financial institution as regulators increase their focus on cyber risks and controls. Third-party relationships are often the weakest link in the cybersecurity chain, as a whopping 43 percent of companies had a data breach in 2014, according to Ponemon Institute. Subsequently, the release of both the Federal Financial Institutions Examination Council’s Cybersecurity Assessment Tool and the updated FFIEC Management Examination Handbook has heightened awareness of cybersecurity for the financial industry and the importance of accurate cybersecurity assessments.
By Robert Mendez
As a board member or a member of the bank’s executive team, understanding the levels of risk you’re accepting for your bank, your customers and for yourself is essential. CEOs and executives of non-banking firms, such as Target, have lost their jobs because they didn’t understand the cybersecurity risks their businesses were accepting. Bankers have additional concerns about financial risks and the penalties regulators may assess if cybersecurity risks are not being effectively managed by the board.
March 9 – Consumers increasingly rely on computers and the Internet for everything from shopping and communicating to banking and bill paying. While the benefits of faster and more convenient “cyber” services are clear, the strategies for preventing online fraud and theft may not be as well-known by many bank customers. That is why the FDIC has produced a special edition of the agency’s quarterly FDIC Consumer News (Winter 2016) entitled “A Bank Customer’s Guide to Cybersecurity.”
February 16 – Built to harvest the banking credentials of victims, the virulent Dridex Trojan is now one of the most dangerous pieces of financial malware in circulation, spread by massive spam campaigns that can overwhelm organizations hit by them.
February 12 – Several trade groups applauded President Barack Obama’s announcement of a Cybersecurity National Action Plan.
Mitigating Password Risk to Reduce Your Chances of a Data Breach
FEBRUARY 18, 2016, 2 p.m. Eastern, 1 p.m. Central, 11 a.m. Pacific
Passwords are the primary method of accessing financial networks and applications. They are also the primary way hackers gain unauthorized access to an organization’s data and systems.