
FFIEC Releases Joint Statements on Risk Mitigation

Sat, Apr 4, 2015

Washington, District Of Columbia

The Federal Financial Institutions Examination Council (FFIEC) has issued two joint statements to alert financial institutions to specific risk mitigation techniques related to destructive malware and cyber attacks that compromise credentials.

  • The joint statement on Cyber Attacks Compromising Credentials discusses the growing trend of cyber attacks designed to obtain online credentials for theft, fraud, or business disruption and recommends risk mitigation techniques. Credit Unions should address this threat by reviewing their risk management practices and controls related to information technology networks and authentication, authorization, fraud detection, and response management systems and processes.
  • The joint statement on Destructive Malware discusses the increasing threat of cyber attacks involving destructive malware. Financial institutions and technology service providers should enhance their information security programs to ensure they are able to identify, mitigate, and respond to this type of attack. In addition, business continuity planning and testing activities should incorporate response and recovery capabilities and test resilience against cyber attacks involving destructive malware.

Credit Unions should design multiple layers of security controls to establish several lines of defense and ensure that their risk management processes also address the risk posed by compromised credentials, consistent with the risk management guidance contained in the FFIEC IT Examination Handbook, specifically the “Information Security,” “Outsourcing Technology Services,” and “Retail Payment Systems” booklets.

Source: FFIEC