FFIEC warns about cyber attacks involving extortion and advises firms to include the issue in business continuity plans

• Print

Details

Published: Wednesday, 04 November 2015 08:59

The US Federal Financial Institutions Examination Council (FFIEC) has issued a statement alerting financial institutions to the increasing frequency and severity of cyber attacks involving extortion.

The statement describes steps financial institutions should take to respond to these attacks and highlights resources institutions can use to mitigate the risks posed by such attacks.

Cyber attacks against financial institutions to extort payment in return for the release of sensitive information are increasing says FFIEC. Financial institutions should address this threat by conducting ongoing cybersecurity risk assessments and monitoring of controls and information systems. In addition, financial institutions should have effective business continuity plans to respond to this type of cyber attack to ensure resiliency of operations.

Financial institutions are also encouraged to notify law enforcement and their primary regulator or regulators of a cyber attack involving extortion.