Banking Exchange Magazine Logo

FFIEC offers cyber attack resources

Agency emphasizes preparation

  • |
  • Written by  Website Staff
  • |
  • Comments:   DISQUS_COMMENTS
FFIEC offers cyber attack resources

The Federal Financial Institutions Examination Council issued two statements about ways that financial institutions can identify and mitigate cyber attacks that compromise user credentials or use destructive software.

The statements do not contain any new regulatory expectations, but are intended to alert financial institutions to specific risk mitigation related to the threats associated with destructive malware.

In addition, the Exam Council provided information on what institutions can do to prepare for and respond to these threats.

Cyber attacks have increased in frequency and severity over the past two years. The attacks often involve the theft of credentials used by customers, employees, and third parties to authenticate themselves when accessing business applications and systems.

Cyber criminals can use stolen credentials to commit fraud or identity theft; modify and disrupt information system; and obtain, destroy, or corrupt data.

Also, cyber criminals often introduce malware to business systems through e-mail attachments, connecting infected external devices, such as USB drives, to computers or networks, or by introducing the malware directly onto the business systems using compromised credentials.

Cyber guidance from Exam Council

In accordance with FFIEC guidance, institutions should:

• Securely configure systems and services.

• Review, update, and test incident response and business continuity plans.

• Conduct ongoing information security risk assessments.

• Perform security monitoring, prevention, and risk mitigation.

• Protect against unauthorized access.

• Implement and test controls around critical systems regularly.

• Enhance information security awareness and training programs.

• Participate in industry information-sharing forums, such as the Financial Services Information Sharing and Analysis Center.

Suggested resources from FFIEC

The Exam Council also highlighted the following resources that provide practical information for strengthening user awareness regarding safe online practices.

Federal Trade Commission’s On Guard Online

National Cyber Security Alliance’s Stay Safe Online

US-Cert Security Tip (STI-003) “Handling Destructive Malware

Joint security Awareness Report (JSAR-12-241-01B) “Shamoon/DstTrack Malware

National Institute Of Standards And Technology “Cybersecurity Framework”

US-CERT “Cyber Resilience Review”

NSA/CSS Information Assurance Directorate (MIT-001R-2015) “Defensive Best Practices for Destructive Malware”

Read the FFIEC’s two statements at:

Joint Statement On Destructive Malware

Joint Statement On Cyber Attacks Compromising Credentials

back to top


About Us

Connect With Us


Webinar: From KYC to IDV

How three leading banks are utilizing cutting-edge
digital tools to onboard, win, and wow customers

Time/Date: June 23, 2021 11:00 a.m. ET

Digital adoption, already moving at warp speed, accelerated seven years into the future during the COVID-19 pandemic. As the number of bank branches continues to fall, with at least one study predicting all branches will disappear by 2034 (Fox Business) and foot traffic declining (Vox), today’s most innovative banks are charting a new, digital-first path to win over customers while increasing security, meeting KYC compliance requirements, and winning customers to drive revenue.

In this webinar, you’ll hear from John Baird, Founder & CEO of Vouched, Tyler Crawford, COO of Bankers Healthcare Group, Anand Sathiyamurthy, CPO of Flagstar Bank and Daniel Sheehan, Chairman & CEO of Professional Bank as they describe their vision for digital transformation and how customer expectations are changing to digital first. They’ll also explore how fostering an innovation mindset creates new ways to tackle complex KYC problems and allows them to quickly compete in new markets and win customers.


This webinar is brought to you by:
Vouched Logo