Back to Blog

FDIC and OCC Joint Statement on Cybersecurity Key takeaways – Part 1

By Finosec

May 25, 2021

Get notified on new insights from Finosec now!

Be the first to know about new Finosec blogs to grow your knowledge of the cybersecurity governance industry today!

The FDIC and OCC put out a joint statement on heightened cybersecurity risk concerns. This ‘heightened’ concern has bubbled up from the worries in the Middle East and Iran. In our nation’s history, oceans have been one of our primary defenses, but in today’s interconnected world, barriers for state-sponsored cyberattacks are removed. In the past several weeks, we have seen several updates from the Department of Homeland Security, FBI, and in this case, regulatory agencies.

As an industry, we tend to make technology over complicated and it is even worse in cybersecurity. Our mission at Finosec is to simplify information security and cybersecurity management in banking. The regulators highlighted three areas: Response and Resiliency, Authentication and Access Management, and Cyber Hygiene. I want to focus on the response and resiliency section today. The big takeaway is we have to change our mindset from if we get compromised to when. How does your team answer these questions?

  1. Do we have contact information for law enforcement (FBI, Secret Service, local)
  2. Does our cyber insurance contract include a breach coach? Do we have the contact information?
  3. Does our cyber insurance include resources for forensics? Have we defined what vendor we are going to use?
  4. When was our last incident response test? Were the right people included? When is our next test scheduled?
  5. Sheltered Harbor is referenced, does our core processor have a solution? Are we or should we be leveraging it?
  6. What’s the status of our backups? Is there any connectivity on our operational systems to our backups where they could be compromised in an attack?

If you have six minutes more, I recorded a video summary on the statement as well, which you can watch here: FDIC FIL Joint Statement

More from Finosec

Integrating FFIEC Authentication Guidance: A Blueprint for Your Next Exam With Insights from Recent Regulatory Actions

Integrating FFIEC Authentication Guidance: A Blueprint for Your Next Exam With Insights from Recent Regulatory Actions

The Federal Financial Institutions Examination Council (FFIEC) Authentication Guidance update in August 2021 has marked a significant step towards enhancing authentication and security access measures within financial institutions. This update expanded upon previous handbooks from 2005 and 2011, emphasizing a broader scope that now includes employees, third-party vendors, and system-to-system communications via APIs.

The Best Defense Against Ransomware

The Best Defense Against Ransomware

Beth Sumner, our VP of Customer Success, recently had the opportunity to discuss ransomware attacks and the importance of community bankers staying vigilant against these crimes in Independent Banker.  While the number of ransomware attacks continues to increase, so do the sums demanded by the attackers.

Succession Planning: Essential for Sustaining Information Security

Succession Planning: Essential for Sustaining Information Security

In today’s world where cyber threats evolve rapidly, the challenge of replacing an Information Security Officer (ISO) underscores a critical issue: the cybersecurity job market is scorching, yet talent is scarce. This gap has turned recruitment into a high-stakes game for financial institutions, where the departure of an ISO exposes vulnerabilities and regulatory risks. With remote work expanding the competition for skilled professionals, the importance of strategic succession planning has never been more acute, ensuring that institutions remain fortified even in the face of staffing changes.

Talk To An Expert Now
Talk To An Expert Now 770.268.2765