Cybersecurity & Emerging Threats

New guidance from the Federal Deposit Insurance Corporation (FDIC) addresses specific risks relating to malware and cyber-attacks that banks should consider in their risk assessments. The FDIC notes the threats aren’t new, but the pace and frequency of cyber-attacks designed to obtain credentials for theft, fraud or business disruption are increasing. In addition, the guidance says banks should review the destructive malware used in cyber-attacks and take steps to identify, mitigate and respond to these types of attacks.

One industry watcher, Brian Krebs, reported on February 15 that the FBI had announced a $3 million award for information leading to the arrest and/or conviction of a Russian hacker believed to be the architect of the ZeuS banking Trojan, a piece of malware suspected of being used to steal hundreds of millions of dollars from bank accounts at small to midsize businesses in the U.S. and Europe. Reports indicate the base malware code was sold to other cyber criminals for several thousand dollars and could be customized for additional exploits.

Banks should review their risk assessments, evaluate their mitigation strategies, consider additional information security training for their employees and work with vendors under their vendor management programs to evaluate the threats and strategies throughout their IT infrastructure chain.

For more information, feel free to contact us.

The following two tabs change content below.
Ronald Hulshizer

Ronald Hulshizer

Ron has more than 25 years of experience helping companies with information technology (IT), security and financial accounting issues. Ron’s primary focus is providing internal audit IT and IT security services to financial institutions. Prior to joining BKD, Ron was with technology firms and was responsible for financial and operational aspects, including IT operations and data centers.
Ronald Hulshizer

Latest posts by Ronald Hulshizer (see all)

Leave a Reply

Your email address will not be published. Required fields are marked *