FINOSEC President and CEO Zach Duke has spent a few minutes breaking down the Ransomware Self Assessment Tool. This tool was created by the Conference of State Bank Supervisors, and was crafted to help mitigate the risks associated with Ransomware. Furthermore, it serves as an effective communication piece that demonstrates to upper level management how the institution is actively being protected against this particular risk. Watch the short video below for what this tool includes and how it could serve you.
The FFIEC has released an update titled “Authentication and Access to Financial Institution Services and Systems.” It replaces two previously released FFIEC issued pieces: "Authentication in an Internet Banking Environment" released in 2005, and the "Supplement to Authentication in an Internet Banking Environment" released in 2011. The guidance has been expanded to include employees, third party vendors, and APIs with increased expectation in regards to controls and risk management. This update is clearly focused on an understanding of the threat landscape, having a current risk assessment, ensuring layered security, and a general increase in authentication implementation. Take a few minutes to watch FINOSEC President and CEO Zach Duke unpack this information.
The FFIEC AIO (Architecture, Infrastructure, and Operations) is an update to the operations handbook that was released on June 30, 2021. It doubles the size of the existing operations booklet released in 2004, and provides some considerable changes in regulatory expectations. It includes some expanded guidance from the previous booklet (on items such as hardware and software inventories, and environmental controls) as well as brand new areas of guidance (including increased accountability for board and senior management, third party risk management, and evolving technologies).
The sophistication of cyber attacks continues to grow. According to the Accenture Cost of Cybercrime Study, the average cost of a breach in financial services is $13 Million. As a financial institution, we have to be right 100% of the time while Cyber Criminals only need to be right once.
In our conversations with the over 100+ community banks during the ICBA ThinkTECH we saw time and time again that cybersecurity governance is complicated, labor-intensive, and leaves community bankers feeling overwhelmed. As we dove deeper into our discussions we found these three common challenges.
Kaseya provides IT Management Software to MSPs and IT Teams to improve efficiency and security. This week they were unfortunately the victim of a sophisticated cyber attack. Many organizations that use their product may be asking themselves, "what do I need to do to protect myself and my team?" Finosec has put together a video series to help guide you through the attack, next steps and what it means for your institution.
Finosec has been selected to be a part of the ICBA ThinkTECH Accelerator! The Accelerator is a 12-week program that allows community banks to engage with startup financial technology companies. This enables participants to engage with and learn more about innovative solutions. Meetings are facilitated by the Venture Center and participating community banks. To learn more about the program and sign up to take part in this first-of-its-kind opportunity click here.
The FDIC and OCC put out a joint statement on heightened cybersecurity risk concerns. This 'heightened' concern has bubbled up from the worries in the Middle East and Iran. In our nation's history, oceans have been one of our primary defenses, but in today's interconnected world, barriers for state-sponsored cyberattacks are removed. In the past several weeks, we have seen several updates from the Department of Homeland Security, FBI, and in this case, regulatory agencies.
The FDIC and OCC put out a joint statement on heightened cybersecurity risk concerns. This 'heightened' concern has bubbled up from the concerns in the Middle East and specifically, Iran. In our nation's history, oceans have been one of our primary defenses, but in today's interconnected world, barriers for state-sponsored cyberattacks have been removed. I spent some time discussing the 6 Questions to Answer in Part 1, and today I wanted to dive into Authentication.