The FFIEC has listed its cyber-security priorities for 2015.(1) Directors and management should consider how these upcoming steps may affect their bank. In recent presentations regulators have identified cybersecurity risk as a bank’s second-highest overall risk, behind only interest-rate risk. Does your board give cybersecurity risk the attention that examiners are expecting?
Regulators are continuing to emphasize that bank CEOs and directors must understand the risks
they are undertaking with regard to cyber security, the same as understanding credit, liquidity and
other risks inherent in banking.
It’s Better to Make a Plan Now Rather than Wait
You may be surprised to learn that many of your bank’s vendors actually outsource to a third party certain critical functions that you perhaps believed your vendor was directly performing for you. As an example, your vendor may not be directly providing a secure e-mail system for you, but instead uses a third party company to host and support your secure e-mail. Maybe your vendor offers data storage for your bank—but your vendor doesn’t provide that service directly.
The FFIEC has released a list of 20 questions that CEOs and directors should ask themselves concerning their bank’s internal information process and preparedness with respect to cybersecurity risks.
The countdown to July 14, 2015, is on. That’s the rapidly-approaching date when Microsoft ends support for its popular Windows Server 2003.
Has your bank upgraded to new servers yet? Lots of banks haven’t. Analysts are predicting that many businesses will ignore the deadline and continue operating with the familiar and stable Windows Server 2003. But the consequences could be very serious.