Links in “Cybersecurity/Data Breaches”

The Federal Financial Institutions Examinations Council (FFIEC) announced that it is launching a pilot program in which it will assess the sufficiency of the financial institution’s cybersecurity policies and procedures. The Council stated that, of the 500 financial institutions to be reviewed, half will be credit unions of various assets sizes. [7/2/14]

Smaller banks and credit unions that lack the cybersecurity resources of the megabanks are not, nevertheless, excused from putting in place an adequate program to fight cyber risk. Regulators are now piloting cybersecurity assessments for more than 500 community-sized institutions. [6/30/14]

A new survey by the ATM network Pulse reveals that credit unions experienced higher losses than other financial institutions as a result of the Target breach.  The data shows that 14% of credit union debit card fraud in 2013 was tied to the Target breach. [6/25/14]

While the financial services industry is making substantial investments in cybersecurity, two bills making their way through the Senate that would enhance coordination with the Federal government's cybersecurity efforts are also needed, according to the ABA. [6/25/14]

The Federal Financial Institutions Examination Council (FFIEC) today launched a web page on cybersecurity. The page is a central repository for current and future FFIEC-related materials on cybersecurity. The FFIEC Web page provides links to joint statements, webinars, and other information that may help financial institutions when thinking about the issue of cybersecurity. [6/25/14]

It may have disappeared from the headlines, but the Heartbleed bug has far from disappeared. Two months after it was discovered, at least 300,000 servers remain vulnerable. [6/24/14]

Cybercrimes are taking their toll, with consumers losing confidence in financial institutions. 29% of U.S. consumers use their replacement cards less as a result of a fraud or breach. [5/23/14]

An employee of a business customer of BankSouth apparently fell for a phishing scheme, which allowed the bad guys to learn the user name and password of the employee. The business declined to use bank-offered "dual controls," which would require two separate employees to complete the transfer action, for the sake of convenience. When the business lost $588,000 in a cyberheist, it sued the bank and not only lost, but the court has said the bank can now pursue its legal fees against the customer. [6/23/14]

Bank of England spearheads an initiative called CREST, an effort to create a controlled environment for testing uncontrolled cyber-attacks. [6/11/14]

You remember the scene: Russell Crowe as math student John Nash in the film A Beautiful Mind. Suddenly, Nash is struck with his "governing dynamics" theorem—that competitors would be far more successful if they all went after different "targets."

While most of the cybersecurity talk is focused toward large financial institutions, what governing dynamics theory tells us is that mid-size and smaller institutions are actually more attractive targets because malefactors presume that their security measures may not be as robust and they are not being pursued by other predators. Jane Pannier describes what measures to take to defend your institution. [6/10/14]