On November 2, 2015, the FDIC released an activity for financial institutions surrounding its development of a “Cyber-Challenge.” This venture is designed for community banks and credit unions, and encourages them to discuss cyber risk tied to the acceptance that cyber risk has truly moved to a sect of overall business risk. Because of this cyber risk should be mitigated appropriately and seen as a priority within all businesses who use technology or maintain sensitive information.
Essentially, the FDIC has developed seven scenarios in which financial institutions should review and discuss appropriate next steps to recovering from the hypothetical incident. While this is not a regulatory requirement, it is encouraged that financial institutions take the appropriate steps to ensuring that their employees understand cyber risk, can identify red flags, and are familiar with escalation procedures of responding to an attack. We recommend that financial institutions who chose to take part in these scenarios document their involvement. The FDIC has designed these scenarios internally, and has published the training resources to their website so that they are publicly facing. This helps to make it much easier for financial institutions to access these materials, due to their being in a centralized resource location.
In addition, it should be noted that the FDIC released a financial institution letter, FIL-55-2015, targeted to community banks under $1 Billion in assets, which discusses cybersecurity being recognized as an operational risk and the importance of maintaining diligence in terms of technical security. In coordination with the FIL, the FDIC produced a two part video series tailored to bank Board of Directors, with the goal of familiarizing directors with common cyber-attack scenarios, buzz words, and major threat actors.
If you have any questions regarding this Cyber Challenge, please contact a certified GraVoc employee
In this blog post, we discuss how outsourcing cybersecurity operations to a vCISO can help businesses, including SMBs, tackle the cybersecurity talent shortage.
In this blog post and video, we explore need-to-know privilege in cybersecurity and why it’s important for organizations to assign user permissions on a need-to-know basis.
In this blog post, we discuss the importance of email security for businesses and explore the VIPRE and Sendmarc email protection technology solutions.