Links in “Cybersecurity/Data Breaches”
- FFIEC Advisory on Heartbleed Issue
The FFIEC issued a press release on the Heartbleed bug requiring FIs and their third-party service providers to incorporate patches on systems and services, applications, and appliances using OpenSSL and to upgrade systems as soon as possible to address the significant vulnerability. [4/11]
- Heartbleed: Worst Bug Ever?
Some experts are calling the Heartbleed bug the worst bug ever, in terms of the vastness of its reach and the sensitivity of the information potentially exposed. [4/10]
- “Unlimited” Withdrawals: 12 Stolen Debit Cards = $40 Million Breach
FFIEC's statements last week take a look at cyber-attacks on ATMs and card authorization and DDoS attacks on websites. In one, hackers targeted ATMs by installing malware that allowed for unlimited withdrawals, beyond the available balance, resulting in $40 million in fraud using only 12 stolen debit accounts. [4/9]
- The Push for Retailers to Pay for Data Breaches
ICBA and retailers take the fight to Fox Business news in this video. [4/9]
- DDoS Attack Hits Core System Provider
Distributed denial of service attack strikes Ellie Mae, a provider of core operating systems to mortgage originators, for two days last week. Attack comes on the heels of an FFIEC warning to financial institutions about DDoS attacks. [4/7]
- Multi-state Probe of Security Breach at Experian Subsidiary
Social security numbers of some 200 million people may have been breached. [4/4]
- FFIEC Releases Statement on ATM Cyber-Attacks
FFIEC issued a statement on risks associated with cyber-attacks on ATMs and card authorization systems, as well as the risks from distributed denial of service (DDoS) attacks on public-facing websites. They emphasized the need for monitoring, controls, and response management to achieve sufficient readiness. [4/4]
- Guard Your ATMs
The NCUA and other regulatory agencies recently issued new guidance on what institutions can do to combat the increasing risk of security attacks on ATMs and other card authorization systems. This guidance contains new cyber security standards that institutions are expected to meet. [4/3]
- Big Chill: What if Target Were Better Prepared Than Most Retailers?
Author submits that Target's preparations were better than most of its peers; the problem lies not with Target, but with the current state of threat intelligence and incident response. [4/3]
- OCC Speech on Operational Risk
Key points on operational risks and their impact on FIs, including the need to promote an enterprise risk management approach to operations and to manage cyber threats, third-party risks, and regulatory risks. [3/28]






