FFIEC Warnings Spotlight Malware, Compromised Credentials

The banking regulators today issued warnings to financial institutions about two “increasing” cyber threats: destructive malware and cyber attacks that compromise customers’ online credentials. The statements from the Federal Financial Institutions Examination Council do not contain any new regulatory expectations, the council said.

For malware attacks, FFIEC outlined how bankers should prepare to ensure business continuity. “An institution’s management is expected to maintain sufficient business continuity planning processes to ensure the rapid recovery, resumption, and maintenance of the institution’s operations after a cyber attack involving destructive malware,” the warning said.

FFIEC also warned that cyber criminals are increasingly targeting customers’ online credentials and account login information, which may be stolen through a variety of means. “Financial institutions should design multiple layers of security controls to establish several lines of defense and ensure that their risk management processes also address the risk posed by compromised credentials,” the council said.