With the potential for cyberattacks against the U.S. rising as a result of geopolitical tensions, the FDIC and OCC yesterday issued a joint statement reminding financial institutions of the principles of sound cybersecurity risk management. These principles include response and resilience capabilities; protection against unauthorized access; secure configuration of systems and services; data protection; and employee training.
The agencies emphasized that “while preventative controls are important, financial institution management should be prepared for a worst-case scenario and maintain sufficient business continuity planning processes for the rapid recovery, resumption and maintenance of the institution’s operations.”
They noted that one step financial institutions can take is to ensure that their data backup and restoration practices are consistent with industry standards or frameworks such as Sheltered Harbor—an industry-led initiative created to protect customers, financial institutions and public confidence in banks in the event of a catastrophic cyberattack.