WASHINGTON — Federal regulators issued a statement Tuesday reminding banks how they can protect themselves from cyberattacks.
"In light of recent cyber attacks," financial institutions should "actively manage the risks associated with interbank messaging and wholesale payment networks," the Federal Financial Institutions Examinations Council said.
The document, which lists a series of critical steps banks should take to protect themselves and consumers, comes after revelations that the payments messaging system Swift had been used by hackers in an attempt to retrieve close to $1 billion from Bangladesh's central bank in February. More banks were later identified as targets of hackers through the Swift network.
This has already led some large and regional banks, like JPMorgan and First Horizon, to assess their vulnerabilities through the network.
In its statement, the FFIEC highlighted "specific risk mitigation techniques related to cyber attacks exploiting vulnerabilities and unauthorized entry through trusted client terminals running messaging and payment networks."
Financial institutions should take the following measures, the FFIEC said:
- Conduct ongoing information security risk assessments
- Perform security monitoring, prevention, and risk mitigation
- Protect against unauthorized access
- Implement and test controls around critical systems regularly
- Manage business continuity risk
- Enhance information security awareness and training programs
- Participate in industry information-sharing forums
The FFIEC's letter was issued on behalf of its members — representatives of the Federal Reserve Board, the Federal Deposit Insurance Corp., the Consumer Financial Protection Bureau, the National Credit Union Administration, the Office of the Comptroller of the Currency and the State Liaison Committee.