Others have raised concerns that the two statements may indicate that the FFIEC has some knowledge of possible upcoming attacks. In either case, the FFIEC felt compelled to release these statements, and financial institutions need to take action.
In accordance with FFIEC guidance, institutions should:
- Securely configure systems and services;
- Review, update, and test incident response and business continuity plans;
- Conduct ongoing information security risk assessments;
- Perform security monitoring, prevention, and risk mitigation;
- Protect against unauthorized access;
- Implement and test controls around critical systems regularly;
- Enhance information security awareness and training programs; and
- Participate in industry information-sharing forums, such as the Financial Services Information Sharing and Analysis Center.
The FFIEC statements can be accessed here:
- Statement on Destructive Malware
- Statement on Compromising Credentials