WASHINGTON — With cyber attacks on the rise, members of the Federal Financial Institutions Examination Council (FFIEC) Wednesday issued warnings to financial institutions.
Specifically, the FFIEC said all financial institutions should be aware of the risks associated with cyber attacks on ATM and card-authorization systems.
In addition, there is a continued danger of distributed denial of service (DDoS) attacks on public-facing websites. Cyber criminals have focused on gaining access to and altering the settings on Web-based ATM control panels used by small- to medium-sized financial institutions.
Regulators said they expect FIs to take steps to address this threat by reviewing the adequacy of their controls over information technology networks, card issuer authorization systems, ATM usage parameters and fraud detection processes. FFIEC members also expect financial institutions to have effective response programs to manage this type of incident.
DDoS Readiness
Financial institutions should address DDoS readiness as part of their ongoing information security and incident plans. Each institution is expected to monitor incoming traffic to its public website, activate incident response plans if it suspects that a DDoS attack is occurring, and ensure sufficient staffing for the duration of the attack, including the use of pre-contracted third-party servicers, if appropriate.
The FFIEC was established in March 1979 to prescribe uniform principles, standards and report forms, and to promote uniformity in the supervision of financial institutions.
The Council has six voting members: a Governor of the Board of Governors of the Federal Reserve System, designated by the Chairman of the Board; the Chairman of the Federal Deposit Insurance Corporation; the Chairman of the Board of the National Credit Union Administration; the Comptroller of the Currency; the Director of the Consumer Financial Protection Bureau; and the Chairman of the State Liaison Committee.
The Council's activities are supported by interagency task forces and by an advisory State Liaison Committee, comprised of five representatives of state agencies that supervise financial institutions.
