Links in “FFIEC”
- New Webpage Promotes Cybersecurity
The Federal Financial Institutions Examination Council (FFIEC) today launched a web page on cybersecurity. The page is a central repository for current and future FFIEC-related materials on cybersecurity. The FFIEC Web page provides links to joint statements, webinars, and other information that may help financial institutions when thinking about the issue of cybersecurity. [6/25/14]
- Risk Watch 14: How to Prepare for the New Cybersecurity Exam
The FFIEC recently announced the addition of a cybersecurity risk assessment to regular IT examinations. Join Jesse Boyer to learn how your institution can prepare for these exams which are beginning later this year. [5/22]
- A Closer Look at FFIEC’s Plans for New Cybersecurity Tests
OCC spokesperson provides more details about the joint agencies' recently announced plans for cybersecurity risk assessments, including timeframe, whether they'll be standalone exams or part of the safety and soundness exams, etc. [5/12]
- FFIEC Provides New Tools for Assessing Cybersecurity Risk
As part of yesterday's cybersecurity webinar, the FFIEC announced a vulnerability and risk-mitigation assessment along with a regulatory self-assessment or supervisory policies and processes to be used by FFIEC member agencies in making cybersecurity decisions to strengthen existing programs. The webinar also provided information on focus areas for management in assessing cybersecurity risks. [5/8]
- Risk Watch 10: DDoS Webinar
Big banks arenât the only financial organizations targeted by DDoS and now the FFIEC has issued guidance to ensure youâre prepared. In this free DDoS webinar, learn about how DDoS attacks impact your credit union, hear stories of attacks and new research that supports DDoS as a smokescreen for breaches including financial and data theft.
- A Look at FFIEC’s Alert on Heartbleed
NAFCU's recap of last week's FFIEC alert on the "Heartbleed" vulnerability. [4/14]
- Do You Know What You Need to Do About the Heartbleed Security Risk?
According to a statement from the FFIEC, credit unions and other financial institutions need to be in contact with their third party vendors to ensure that they are progressing towards addressing this latest risk to websites protected by OpenSSL encryption. The FFIEC statement recommends four steps that financial institutions should take , including requiring users and administrators to change their passwords after applying the OpenSSL patch, if applicable. CUNA Mutual has also issued a Risk Alert to its bond policy holders that provides further recommendations about communications with members. See also. [4/11]
- FFIEC Advisory on Heartbleed Issue
The FFIEC issued a press release on the heartbleed bug requires FIs and third-party service providers to those FIs to incorporate patches on systems and services, applications, and appliances using OpenSSL and upgrade systems as soon as possible to address the significant vulnerability. [4/11]
- “Unlimited” Withdrawals: 12 Stolen Debit Cards = $40 Million Breach
FFIEC's statements last week take a look at cyber-attacks on ATMs and card authorization and DDoS attacks on websites. In one, hackers targeted ATMs by installing malware that allowed for unlimited withdrawals, beyond the available balance, resulting in $40 million in fraud using only 12 stolen debit accounts. [4/9]
- DDoS Attack Hits Core System Provider
Distributed denial of service attack strikes Ellie Mae, a provider of core operating systems to mortgage originators, for two days last week. Attack comes on the heels of an FFIEC warning to financial institutions about DDoS attacks. [4/7]
