The Federal Financial Institutions Examination Council (FFIEC) released in November observations from its 2014 cybersecurity assessment, and recommended that regulated financial institutions participate in the Financial Services Information Sharing and Analysis Center (FS-ISAC).
This past summer, FFIEC member agencies piloted a cybersecurity assessment at more than 500 community institutions to evaluate the institutions’ preparedness to mitigate cybersecurity risks.
The “FFIEC Cybersecurity Assessment General Observations” suggested the areas within their institutions that chief executive officers and boards of directors should focus on when assessing cybersecurity preparedness, including:
Current practices and overall preparedness. How do network connections, products and services offered, and technologies collectively affect the credit union’s overall inherent cyber-security risk?
Risk management and oversight. What is the process for ensuring ongoing and routine discussions by the board and senior management about cyber threats and vulnerabilities to the credit union?
Threat intelligence and collaboration. What is the process to gather and analyze threat and vulnerability information from multiple sources?
Cybersecurity control. What is the process for determining and implementing preventive, detective, and corrective controls on the credit union’s network?
External dependency management. How is the credit union connecting to third parties and ensuring they properly manage their cybersecurity controls?
Cyberincident management and resilience. In the event of a cyber-attack, how will the credit union respond internally and with members, third parties, regulators, and law enforcement?
FFIEC recommended that financial institutions of all sizes participate in the FS-ISAC as part of their process to identify, respond to, and mitigate cyber-security threats and vulnerabilities.
The FS-ISAC is a nonprofit, information-sharing forum established in 1999 by financial services industry participants to facilitate the public and private sectors’ sharing of physical and cybersecurity threat and vulnerability information and analysis.
As a member of FS-ISAC, CUNA continues to encourage the industry forum to provide more resources for credit unions and smaller financial institutions.
Credit unions interested in FSISAC and its different membership options can visit fsisac.com.
The “FFIEC Cybersecurity Assessment General Observations” is available at ffiec.gov and ncua.gov.