FDIC & OCC issue Cyber Threat Warning to Financial Institutions
FDIC & OCC cite their top six controls for risk management. Does your firm have these in place?
The Federal Deposit Insurance Corporation (FDIC) and the Office of the Comptroller of the Currency (OCC) issued an interagency cyber threat warning, citing a “heightened risk” to financial institutions amid increased geopolitical tension. Financial firms should re-evaluate the adequacy of their safeguards against cybersecurity risk and focus on risk management principles that can reduce the chance of a cyber-attack as well as minimize business disruptions.
No matter how sophisticated the security solution, it is unreasonable to expect it to reduce the risk of a cyber threat to zero. However, security solutions combined with proper cyber hygiene can greatly limit exposure. Firms must also focus on risk management controls, including detection and response. It is not enough to just have an incident response plan; firms should perform full incident response simulation training and crisis management. This immersive simulation training will identify cracks in your cyber preparedness.
The FDIC & OCC joint statement stressed the importance of the following key controls for risk management:
- Response, resilience and recovery capabilities by (i) maintaining comprehensive resilience plans in order to respond and recover successfully from destructive cyber-attacks and (ii) establishing comprehensive system and data backup strategies;