The US Federal Financial Institutions Examination Council (FFIEC) has released two statements about ways that financial institutions can identify and mitigate cyber attacks that compromise user credentials or use destructive software (malware). In addition, FFIEC provided information on what institutions can do to prepare for and respond to these threats.
In accordance with FFIEC guidance, institutions should:
- Securely configure systems and services;
- Review, update, and test incident response and business continuity plans;
- Conduct ongoing information security risk assessments;
- Perform security monitoring, prevention, and risk mitigation;
- Protect against unauthorized access;
- Implement and test controls around critical systems regularly;
- Enhance information security awareness and training programs; and
- Participate in industry information-sharing forums, such as the Financial Services Information Sharing and Analysis Center.