Two national banking regulators have issued guidance warning companies in the financial services industry, especially smaller companies, about an increased risk of a cyber attack as a result of “increased geopolitical tensions and threats.”
The warning came from the Federal Deposit Insurance Corp., which regulates depository institutions, and the Office of the Comptroller of the Currency, which regulates national banks.
While not specifically naming the source of the geopolitical tension, the guidance does call on institutions to “reevaluate the adequacy of information technology safeguards against threats, especially safeguards against ransom and other destructive malware.”
Even though the guidance is targeted at financial institutions, companies in the credit and collection industry could also use it as an opportunity to test their cybersecurity protections.
“While preventive controls are important, financial institution management should be prepared for a worst-case scenario and maintain sufficient business continuity planning processes for the rapid recovery, resumption, and maintenance of the institution’s operations,” the FDIC wrote.
The guidance laid out a series of areas that should be evaluated, including:
- Response, resilience, and recovery capabilities
- Identity and access management
- Network configuration and system hardening
- Employee training
- Security tools and monitoring
- Data protection
It can be easy for a company in the credit and collection industry to think that this kind of attack would never happen to them. But one of the largest data breaches last year occurred at a collection agency, when someone gained unauthorized access to the agency’s web-based payment portal and compromised the personal information of more than 25 million people. The agency was forced to shut down and file for bankruptcy protection.