14 DAY TRIAL // As cyber-attacks have increased in number and sophistication level, the Federal Financial Institutions Examination Council (FFIEC) decided to take steps to raise awareness about digital security among financial institutions by launching a web page hosting related content.
The web location is designed as a central repository for content touching on identification, assessment and mitigation of cyber security risks. Various materials (joint statements, webinars) that will help financial institutions increase protection of their assets will be posted in the new location.
By adapting the security measures to the new threatscape, the council aims at preserving the public’s confidence in the U.S.'s financial sector.
“Financial institutions are increasingly dependent on information technology and telecommunications to deliver services to consumers and business every day. Disruption, degradation, or unauthorized alteration of information and systems that support these services can affect operations, institutions, and their core processes, and undermine confidence in the nation's financial services sector,” announced FFIEC in a press release, on June 24.
A pilot program has been initiated at over 500 community institutions to gather current information on the measures protecting them from digital risks.
State and federal regulators will focus on risk management and oversight, threat intelligence and collaboration, cybersecurity controls, service provider and vendor risk management, and cyber incident management and resilience.
Based on these details, the regulators can take informed decisions for increasing the performance of supervisory programs, guidance and examiner training.
The complexity of the cyber-attacks has reached a new height recently, when a group of cybercriminals breached the systems of a hedge fund and managed to spy on the trading strategy for a prolonged period of time.
The objective of the attack was not just to exfiltrate the trading strategy, but also to affect the activity of the firm by placing a delay on trade order execution.
As a consequence of the nefarious activity, the trading company recorded millions of dollars in losses, while the group behind the attack remains unidentified.
Penetrating the systems and profiting by the information collected shows that cybercriminal activity targeting the financial sector benefits from professional skills.
A year ago, the Cybersecurity and Critical Infrastructure Working Group was created by the FFIEC in order to improve communication between the council’s member agencies, as well as to continue strengthening the activities of other interagency and private sector groups.
Some resources have already been made available on the newly launched web page, offering access to the FFIEC Bank Secrecy Act/Anti-Money Laundering InfoBase.