The Federal Financial Institutions Examination Council (FFIEC) is updating its cybersecurity guide for banks after carrying out a cybersecurity assessment pilot program this past summer, which found that a variety of ‘connection types’ can each introduce a potential entry point for attacks. The pilot program analyzed 500 financial institutions and assessed how prepared they are in the event of a cyber attack.
Another reason for an update to bank security guidance is how technology has evolved in financial services, from the widespread use of ATMs in the 1980s and 1990s to web-based banking and mobile banking today. The advent of mobile payments (e.g. Apple Pay) marks another era that is changing the financial industry and presenting new, possibly unknown, risks, as the FFIEC explained in a webinar, Executive Leadership of Cybersecurity: What Today’s CEOs Need to Know About the Threats They Don’t See (PDF).
The specific points of entry within a bank (and any organization) that are often targets of attack include virtual private networks (VPNs), wireless networks, Telnet/File Transfer Protocol (FTP), local area networks that connect to other networks or Internet service providers, and bring your own device (BYOD).
The FFIEC also points out inherent risks that can be found in each type of technology used by banks, including those used to support customers and employees – core systems, automated teller machines (ATMs), web- and mobile-based applications, and cloud computing resources.
To learn which cybersecurity controls the FFIEC recommends sysadmins use to counter these risks, see the original article posted on Duo Security’s blog.
By Thu Pham, Information Security Journalist, Duo Security | @Thu_Duo
Bio: Thu Pham covers current events in the tech industry with a focus on information security. Prior to joining Duo, Thu covered security and compliance for the infrastructure as a service (IaaS) industry at Online Tech. Based in Ann Arbor, Michigan, she earned her BS in Journalism from Central Michigan University.
About Duo Security
Duo Security is on a mission to provide advanced security solutions for organizations of all sizes. Duo’s innovative technology protects users, data and applications from credential theft and breaches with a focus on streamlined usability. The company was co-founded by CEO Dug Song, a major contributor to the security community, and CTO Jon Oberheide, expert cloud, mobile, and malware security researcher.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.