Regulatory agencies in the U.S. are increasingly concerned by ransomware attacks against financial institutions. The Federal Financial Institutions Examination Council (FFIEC) published a statement warning financial institutions of an uptick in the “frequency and severity of cyber attacks involving extortion.”
The statement noted that financial institutions should implement programs that “ensure the institutions are able to identify, protect, detect, respond to, and recover from these types of attacks.”
While the noting did not include new regulatory prescriptions, it reiterated the agency's previous guidance that financial institutions take precautions such as conducting ongoing information security risk assessments, securely configure systems, protect against unauthorized access, perform security prevention and risk mitigation, update cybersecurity awareness programs, test critical systems controls and responses, and participation in information-sharing forums.
