Extortion via cyber attacks focus of FFIEC statement

NOV. 3, 2015 -- The increasing frequency and severity of cyber attacks involving extortion are the subject of a joint statement issued today by the Federal Financial Institutions Examination Council (FFIEC).

The statement by the FFIEC urges financial institutions to consider taking the following steps:

  • Securely configure systems and services.
  • Protect against unauthorized access.
  • Update information security awareness and training programs, as necessary, to include cyber attacks involving extortion.
  • Review, update, and test incident response and business continuity plans periodically.
  • Participate in industry information-sharing forums.
  • Perform security monitoring, prevention, and risk mitigation.
  • Implement and regularly test controls around critical systems.
  • Conduct ongoing information security risk assessments.

The FFIEC stated that its member agencies encourage financial institutions to notify law enforcement and their primary regulator or regulators of a cyber attack involving extortion.

“Cyber attacks against financial institutions to extort payment in return for the release of sensitive information are increasing,” the FFIEC stated in a release. “Financial institutions should address this threat by conducting ongoing cybersecurity risk assessments and monitoring of controls and information systems. In addition, financial institutions should have effective business continuity plans to respond to this type of cyber attack to ensure resiliency of operations.”

NASCUS President and CEO Lucy Ito said that state credit union regulators are committed to ensuring a safe and sound cyber environment for financial institutions. “The many programs and seminars that we have sponsored, and will be sponsoring in 2016 (including our Cybersecurity Symposium Aug. 1-2 in Chicago) are evidence of NASCUS’ on-going commitment to cyber security for the state credit union system,” Ito said.

NASCUS is a member of the FFIEC’s State Liaison Committee (SLC), which is a voting member of the FFIEC.

FFIEC joint statement on cyber attacks involving extortion
