On November 2, 2015, the FDIC released an activity for financial institutions surrounding its development of a “Cyber-Challenge.” This venture is designed for community banks and credit unions, and encourages them to discuss cyber risk tied to the acceptance that cyber risk has truly moved to a sect of overall business risk. Because of this cyber risk should be mitigated appropriately and seen as a priority within all businesses who use technology or maintain sensitive information.
Essentially, the FDIC has developed seven scenarios in which financial institutions should review and discuss appropriate next steps to recovering from the hypothetical incident. While this is not a regulatory requirement, it is encouraged that financial institutions take the appropriate steps to ensuring that their employees understand cyber risk, can identify red flags, and are familiar with escalation procedures of responding to an attack. We recommend that financial institutions who chose to take part in these scenarios document their involvement. The FDIC has designed these scenarios internally, and has published the training resources to their website so that they are publicly facing. This helps to make it much easier for financial institutions to access these materials, due to their being in a centralized resource location.
In addition, it should be noted that the FDIC released a financial institution letter, FIL-55-2015, targeted to community banks under $1 Billion in assets, which discusses cybersecurity being recognized as an operational risk and the importance of maintaining diligence in terms of technical security. In coordination with the FIL, the FDIC produced a two part video series tailored to bank Board of Directors, with the goal of familiarizing directors with common cyber-attack scenarios, buzz words, and major threat actors.
If you have any questions regarding this Cyber Challenge, please contact a certified GraVoc employee
Related articles
The NSA Cybersecurity Guide for Remote Workers
In this blog post, we cover a few key recommendations for remote workers from the NSA guide, ‘Best Practices for Securing Your Home Network.’
GraVoc Recognized on CRN’s 2023 MSP 500 List
CRN®, a brand of The Channel Company, has named GraVoc to its Managed Service Provider (MSP) 500 list in the Pioneer 250 category for 2023!
The Cybersecurity Implications of ChatGPT
Is ChatGPT a security risk? In this blog post, we explore the cybersecurity implications of ChatGPT, including the benefits and challenges.