The Federal Financial Institutions Examination Council released a statement Tuesday warning financial institutions (FIs) about the increased frequency of cyber attacks involving extortion.
The statement alerted FIs to specific risk mitigation measures and stated that “cyber criminals and activists use a variety of tactics such as ransomware, denial of service, and theft of sensitive business and customer information to extort payment or other concessions from victims.”
The statement also urges FIs to take the following steps:
- Conduct ongoing information security risk assessments
- Securely configure systems and services
- Protect against unauthorized access
- Perform security monitoring, prevention, and risk mitigation
- Update information security awareness and training programs, as necessary, to include cyber attacks involving extortion
- Implement and regularly test controls around critical systems
- Review, update, and test incident response and business continuity plans periodically
- Participate in industry information-sharing forums
Review the full, three-page statement to find additional resources and other important information about these types of cyber attacks.