The U.S. Federal Financial Institutions Examination Council (FFIEC) — an interagency group that sets standards for the federal examination of financial institutions in the U.S. — issued a statement on Tuesday to alert financial institutions to “the increasing frequency and severity” of cyber attacks involving extortion.
Cyber attacks against financial institutions that aim to extort payments in return for the release of sensitive information are on the rise, the FFIEC cautions. “Financial institutions should address this threat by conducting ongoing cybersecurity risk assessments and monitoring of controls and information systems,” the council says in a statement. “In addition, financial institutions should have effective business continuity plans to respond to this type of cyber attack to ensure resiliency of operations.”
The FFIEC statement sets out the steps that financial institutions should take to respond to these attacks, and it highlights the resources that institutions can use to mitigate the risks posed by these sorts of attacks. In addition, financial institutions are encouraged to notify law enforcement and their regulators of a cyber attack involving extortion.