Banks warned of heightened cybersecurity risk in joint agency statement

Federally supervised banking organizations were warned Thursday of heightened cybersecurity risk amid current global tensions in a joint statement by two federal banking regulators.

“The Department of Homeland Security has indicated there is heightened risk of cyber-attack against U.S. targets because of increased geopolitical tension,” the Federal Deposit Insurance Corp. (FDIC) said in a bulletin it sent to supervised institutions. “The current environment provides an opportunity for banks to re-evaluate the adequacy of safeguards to protect against various types of cybersecurity risk.”

The joint agency statement, issued by the FDIC and the Office of the Comptroller of the Currency (OCC, which also issued a bulletin to institutions it supervises), refers banking institutions to the Interagency Guidelines Establishing Information Security Standards and the Federal Financial Institutions Examination Council (FFIEC) Statement on Destructive Malware (issued in 2015), and other FFIEC resources.

“When financial institutions apply these principles and risk mitigation techniques, they reduce the risk of a cyber attack’s success and minimize the negative impacts of a disruptive and destructive cyber attack,” the agencies stated. “While preventive controls are important, financial institution management should be prepared for a worst-case scenario and maintain sufficient business continuity planning processes for the rapid recovery, resumption, and maintenance of the institution’s operations.”

Joint Statement on Heightened Cybersecurity Risk

FDIC FIL-3-2020

OCC Bulletin 2020-5