In 2015, the banking, credit and financial industries have reported more than 40 data breaches that exposed more than 400,000 records. The breached entities range in size from a 200-location independent mortgage company to global banks with high name recognition.

Data breaches don’t just happen to large banks. Community banks also fall prey to cyber-attacks and breaches. When a data breach occurs, it’s increasingly becoming a question of “when,” not “if,” are you prepared?

The Federal Financial Institutions Examination Council’s updated guidance for bank examiners emphasizes that executives and boards of directors must approve IT plans that contain strategies for addressing emerging and ongoing cyber threats.

On Nov. 3, 2015, the Federal Financial Institutions Examination Council has issued an alert calling on financial institutions to take specific risk mitigation steps due to an increase in the frequency and severity of cyber-attacks involving extortion.

The FFIEC statement was prompted by recent reports of distributed denial-of-service attacks tied to extortion, such as those by the group known as DD4BC. Ransomware attacks have also been on the rise. The FFIEC is urging banks to take specific steps to mitigate these risks.

The FBI has recently issued a renewed warning about what it calls the Business Email Compromise, a scam being used against companies that use wire transfers for payments.

Just like many breaches, this scam usually starts with socially engineered phishing.

A $46.7 million business email compromise scheme that targeted Ubiquiti Networks, Inc. shows just how little cybercriminals have to do to fool employees into unknowingly committing wire fraud.

Ubiquiti, a wireless networking technology provider, announced that it had been targeted by an email impersonation scheme that convinced employees in its finance department to fraudulently schedule wire transfers to overseas accounts.

New business continuity guidelines from the Federal Financial Institutions Examination Council give more details on the cybersecurity initiatives banks and credit unions will be asked to address during upcoming examinations.

These new guidelines are likely the result of the FFIEC’s cybersecurity assessment program that was piloted at 500 community institutions last summer.

On June 30 the Federal Financial Institutions Examination Council released its Cybersecurity Assessment Tool. The tool is designed to help banks of all sizes assess identity risks and weaknesses in their cybersecurity preparedness programs.

With card-present fraud liability shift right around the corner in October, it’s important for everyone to understand how these changes affect them as well as the other changes that EMV brings to the financial world.

Largely this breaks down into two types of fraud that EMV is designed to mitigate: counterfeit cards and lost or stolen cards.

According to the Office of the Comptroller of the Currency there are currently five cyber threats that pose the greatest concern to community banks in 2015.

Cyber-attacks are targeting more than top-tier banks and Fortune 500 businesses. Increasingly, community banks and credit unions, as well as other small businesses, are more likely to be targeted by cyber-attacks because hackers believe small businesses present easier targets. One of the dangers that affect many smaller businesses is self-inflicted because in many cases community banks feel like they’re not large enough to be an enticing target to hackers and other cyber-criminals. It’s this type of thinking that poses one of the greatest threats to community banks and credit unions.