The Federal Financial Institutions Examination Council (FFIEC) has recently updated the October 2018 Cybersecurity Resource Guide to stay up to date with the changing cybersecurity landscape. The resources in the Cybersecurity Resource Guide offer information on various cybersecurity risks and can help financial institutions understand supervisory expectations, raise awareness of cybersecurity risks, and better assess and mitigate risks.
The FFIEC and its members understand that financial institutions greatly depend on information technology for most, if not all, of the business processes they perform and the services they deliver. Information technology allows financial institutions to take advantage of greater opportunities to perform complex tasks with less work and provide robust products to their customers. Because of these opportunities, the level of IT dependence continues to grow.
Threat actors also recognize this dependence on technology and work to exploit it. Ransomware is one ongoing threat that seeks to take advantage of the ever-growing dependence on technology. The FFIEC understands that this threat is real, and incidents of ransomware are on the rise. To help combat this threat, the FFIEC has updated its Cybersecurity Resource Guide to offer resources targeted at ransomware. The guide now includes links to Cybersecurity and Infrastructure Security Agency (CISA) ransomware resources as well as the Conference of State Bank Supervisors (CSBS) Ransomware Self-Assessment Tool.
Information technology is not disappearing from the financial institution landscape. It is intertwined into our business processes and offerings. Threats and risk, likewise, are part of the landscape. The FFIEC provides the resource guide to assist in financial sector resilience. It can be found at https://www.ffiec.gov/cybersecurity.htm.