FDIC, OCC issue cybersecurity bulletin amid 'heightened' global risk
WASHINGTON — Federal banking regulators issued a cybersecurity warning to financial institutions late Thursday, citing a "heightened risk" environment amid global tensions.
"Implementing and maintaining effective cybersecurity controls is critical to protecting financial institutions from malicious activity, especially in periods of heightened risk," the Federal Deposit Insurance Corp. and Office of the Comptroller of the Currency said in a joint bulletin.
The news bulletin did not mention Iran by name, but the Department of Homeland Security warned U.S. businesses last week to expect heightened risk of cyber attack after a U.S. military strike killed senior Iranian military commander Qassem Soleimani. Some security experts also have warned that Iranian hackers may go after U.S. targets, including financial services companies, in retaliation for the Soleimani assassination on Jan. 3.
And just this week, the Federal Reserve Bank of New York warned that a major cybersecurity attack could cripple the U.S. financial system in a "pre-mortem" analysis of the industry's vulnerability.
The bulletin from the OCC and FDIC lists best practices for cybersecurity, including comprehensive user identification practices and backing up critical financial information onto secure servers.
"When banks apply cybersecurity risk management principles and risk mitigation techniques, they reduce the risk of a cyber attack's success and minimize the negative impacts of a disruptive and destructive cyber attack," the agencies wrote.