Cybersecurity Rises to Top of List at FFIEC

 

Enterprise Risk Management CEO Advises Financial Institutions to Prepare Now

(Miami, June 11, 2013) Cybercrime and “hacking” have reached epidemic proportions, but it’s not clear who’s winning the cyber wars. While corporations are primarily targeted for intellectual property, banks, health care providers, and retailers face continual breaches of their databases, putting thousands of customers at risk for financial fraud and identity theft.

Enterprise Risk Management CEO Silka Gonzalez advises clients, and especially financial institutions, to prepare now for more rigorous examinations and to toughen their internal security. “It’s not enough today to just have a firewall and an anti-virus program,” Gonzalez explained. “You need to make sure that your employees are trained to protect your sensitive data and that access to that data is limited.” Employees have become the weakest link in the security chain.

Gonzalez recommends that all organizations, and especially banks, perform “social engineering” tests. This provides the institutions with a training opportunity, once they see how easily their employees are unintentionally “fooled” into providing sensitive data to outsiders. Most companies are surprised to find out how vulnerable they are internally.

The FFIEC (Federal Financial Institutions Executive Council), recognizing the growing sophistication and volume of cyber attacks and the global importance of critical financial infrastructure, announced the formation of a working group to coordinate efforts and improve communication on issues of critical infrastructure and cybersecurity. Participating in the working group will be the FFIEC’s Information Technology Subcommittee of the Task Force on [financial} Supervision, the Financial and Banking Information Infrastructure Committee, the Financial Services Sector Coordinating Council, and the Financial Services Information Sharing and Analysis Center.

“Given the unlimited resources of the organized criminal groups that perpetrate the vast majority of financial cybercrime,” Gonzalez emphasized,, “ a coordinated approach with strong communication among regulators and and financial institutions is critical.”