On November 2, 2015, the FDIC released an activity for financial institutions as part of its development of a “Cyber-Challenge.” The exercise is designed for community banks and credit unions and encourages them to discuss cyber risk, reflecting the acceptance that cyber risk has truly become a part of overall business risk. Because of this, cyber risk should be mitigated appropriately and treated as a priority by every business that uses technology or maintains sensitive information.
Essentially, the FDIC has developed seven scenarios that financial institutions should review in order to discuss the appropriate next steps for recovering from the hypothetical incident. While this is not a regulatory requirement, financial institutions are encouraged to take the appropriate steps to ensure that their employees understand cyber risk, can identify red flags, and are familiar with the escalation procedures for responding to an attack. We recommend that financial institutions that choose to take part in these scenarios document their involvement. The FDIC designed these scenarios internally and has published the training resources on its website so that they are publicly available. Keeping the materials in a centralized location makes them much easier for financial institutions to access.
In addition, the FDIC released a financial institution letter, FIL-55-2015, targeted to community banks under $1 billion in assets. The letter discusses the recognition of cybersecurity as an operational risk and the importance of maintaining diligence in technical security. In coordination with the FIL, the FDIC produced a two-part video series tailored to bank boards of directors, with the goal of familiarizing directors with common cyber-attack scenarios, buzzwords, and major threat actors.
If you have any questions regarding this Cyber Challenge, please contact a certified GraVoc employee.