Go to:

March 2019
< Feb Apr >
Leaguer Email Subscription

You are not currently subscribed. Click Subscribe below to receive the Leaguer email.

FFIEC Releases Two Statements on Compromised Credentials and Destructive Malware
Tuesday, March 31, 2015 6:25 AM

Cyberattacks have increased in frequency and severity over the past two years. The attacks often involve the theft of credentials used by customers, employees, and third parties to authenticate themselves when accessing business applications and systems. So yesterday, the Federal Financial Institutions Examination Council released two statements about ways financial institutions can identify and mitigate cyberattacks that compromise user credentials or use destructive software, known as malware.

In addition, the FFIEC provided information on what institutions can do to prepare for and respond to these threats, like:

  • Securely configure systems and services;
  • Review, update, and test incident response and business continuity plans;
  • Conduct ongoing information security risk assessments;
  • Perform security monitoring, prevention, and risk mitigation;
  • Protect against unauthorized access;
  • Implement and test controls around critical systems regularly;
  • Enhance information security awareness and training programs; and
  • Participate in industry information-sharing forums, such as the Financial Services Information Sharing and Analysis Center.

The FFIEC also highlighted the resources that provide practical information for strengthening user awareness regarding safe online practices.

For more information, go to FFIEC site.