Community Banks and IT Risk Management
As a result of its recent cybersecurity assessments of more than 500 community banks, the Federal Financial Institutions Examination Council will review and update guidance to help banking institutions address changing cyber-risks.
The financial infrastructure’s interconnectedness and increasing reliance on Internet-based systems and servers has opened the door for new cyberthreats.
Community banks need to ensure they are adequately and regularly assessing their risks, investing in risk-mitigation technologies, and educating staff about the increasing role cybersecurity plays in day-to-day business practices.
As part of a summary of general observations, the FFIEC recommends banking institutions take immediate steps to:
- Ensure their board of directors and senior management understand their institutions’ cybersecurity risks.
- Regularly discuss cybersecurity during meetings.
- Monitor and maintain awareness of threats.
- Manage connections with and to third parties.
- Develop and test continuity and disaster recovery plans that incorporate cyber-incident scenarios.
All financial institutions need to give cybersecurity a high priority. Because of the continued evolution of cyber-attacks, community banks that regularly participate in cyber-intelligence sharing programs are better prepared to anticipate and mitigate cyber-risks. These banks are better equipped to enhance their existing controls and identify vulnerabilities in their systems. Until smaller institutions invest in advanced cyber-threat detection, prevention systems and tools, they will remain the proverbial low-hanging fruit for cybercrime.
The disparity in preparedness that the FFIEC found as part of its assessments, shows that cooperation among the nation’s largest institutions through organizations like the FS-ISAC has allowed them to stay abreast of and preemptively mitigate threats. This has yet to make front-page news and there are still thousands of banks that are not taking advantage of valuable information-sharing opportunities.
Is your bank holding up your end of the cybersecurity bargain? If you have questions about how you can protect your bank and your customers call ITPAC today.