The Federal Financial Institutions Examination Council (FFIEC) has recently updated the October 2018 Cybersecurity Resource Guide to stay up to date with the changing cybersecurity landscape. The resources in the Cybersecurity Resource Guide offer information on various cybersecurity risks and can help financial institutions understand supervisory expectations, raise awareness of cybersecurity risks, and better assess and mitigate risks.

The FFIEC and its members understand that financial institutions greatly depend on information technology for most, if not all, of the business processes they perform and the services they deliver. Information technology allows financial institutions to take advantage of greater opportunities to perform complex tasks with less work and provide robust products to their customers. Because of these opportunities, the level of IT dependence continues to grow. 

Threat actors also recognize this dependence on technology and work to exploit it. Ransomware is one ongoing threat that seeks to take advantage of the ever-growing dependence on technology. The FFIEC understands that this threat is real, and incidents of ransomware are on the rise. To help combat this threat, the FFIEC has updated its Cybersecurity Resource Guide to offer resources targeted at ransomware. The guide now includes links to Cybersecurity and Infrastructure Security Agency (CISA) ransomware resources as well as the Conference of State Bank Supervisors (CSBS) Ransomware Self-Assessment Tool. 

Information technology is not disappearing from the financial institution landscape. It is intertwined into our business processes and offerings. Threats and risk, likewise, are part of the landscape. The FFIEC provides the resource guide to assist in financial sector resilience. It can be found at https://www.ffiec.gov/cybersecurity.htm.

Written by: Joe Davis
Information Security Consultant - SBS CyberSecurity, LLC

SBS Resources: 

• {Blog} Top Six Controls to Mitigate a Ransomware Attack: Combating a ransomware scenario can be intense and stressful, so most organizations agree that it is better to stop the attack from happening in the first place. Learn more about the top controls that can be put in place to protect your network and data from a ransomware attack.
   
• Ransomware Toolkit: Advancing your cybersecurity program isn't always a walk in the park. SBS has created this Ransomware Toolkit to help take your cyber program to the next level. 

Related Certifications:

Join our growing community of financial service professionals showing their commitment to strong cybersecurity with a cyber-specific certification through the SBS Institute. Click here to view a full list of certifications.