On Tuesday, November 3, 2015, the FFIEC issued a joint statement on cyberattacks involving extortion. The premise of this memo is derived from the continued threat of an array of strategies used by cyber criminals (hacktivists, cyber terrorists, among others) on financial institutions in an attempt to compromise and hold sensitive data hostage. From there, they will allow these institutions to purchase the information back, which the attacker will release for a fee. These methods consist of ransomware, denial of service (DoS), or the theft of business or customer information. Often times, these schemes can result in significant financial impact to the attacked entities, which will still likely equate to less than the actual loss of the data or the regulatory fines related to consumer protection (or lack thereof). All of these attack vectors lead to significant risk in categories defined by the FFIEC, such as liquidity, capital, operational, compliance, and reputational.
It is key to train employees on social engineering red flags, and to avoid clicking suspicious links, as a malicious link can download hidden malware on a computer or network. Other methods of prevention are:
Train staff and customers on overall security awareness and relevant attacks;
Perform risk analysis;
Configure systems to industry best practices and patch when possible;
Perform log correlation and system analysis to identify potential anomalous behavior;
Test key controls both internally and independently;
Review incident response programs to ensure they encompass corporate account takeover (CATO), denial of service (DoS) and distributed denial of service (DDoS) attacks, malware, and the remediation techniques applicable to these attacks;
Share security related incidents and information with industry competitors (in this aspect, we are all on the same team) and law enforcement agencies.
If you have any questions about the information contained in either this post or the FFIEC’s statement, please contact either:
Related articles
Change Healthcare Attack: Ransomware Protection Measures for Healthcare Organizations
In light of the Change Healthcare attack, we explore why hackers target healthcare and how healthcare can defend against ransomware.
GraVoc Recognized on CRN MSP 500 List for Second Year in a Row
For the second year in a row, GraVoc has been recognized on the CRN® MSP 500 list in the Pioneer 250 category!
PCI SAQ Types: Which SAQ is Right for Your Business?
In this blog post, we provide an overview of the SAQ types for PCI DSS v4.0 and how to select a PCI SAQ that’s right for your business.