FDIC Warns U.S. Financial Institutions of Elevated Risk of Cyberattack

Businessman holding a red traffic triangle warning sign in front of his headCiting “increased geopolitical tension”, banks are warned to immediately reevaluate to shore up cybersecurity controls and technology safeguards against ransomware and malware attacks.

As part of a proactive effort to ensure financial institutions are secure against impending cyber threats, the FDIC issued a warning about potential attacks that can only be assumed to be the result of relations between the U.S. and Iran. The FDIC is encouraging U.S. institutions to have both preventative measures and a “worst-case scenario” response plan.

According to the FDIC, two specific attack vectors were mentioned:

  • Through the use of malware-infected storage devices, such as USB drives
  • By “compromising user credentials and introducing malware through social engineering financial institution employees and contractors with phishing or spear phishing attacks”

Of the two, the latter is far more probable, as attackers never need to physically be anywhere near the targeted institution.

Because of the prevalence for phishing and spear phishing attacks used as the entry point for malware and ransomware-based attacks, the FDIC recommends the following guidance:

  • Continual user Security Awareness Training for “recognizing cyber threats, phishing, and suspicious links”
  • Phishing testing as a feedback loop to measure “the effectiveness of such cybersecurity training programs”

Even in times when there is not specific geopolitical threat of concern, financial institutions always need to be on alert. Trojan malware such as Emotet are specifically design to target financial institutions. While the FDIC’s warning should definitely be heeded, the reality is banks are a constant target.

Request A Demo: Security Awareness Training

products-KB4SAT6-2-1New-school Security Awareness Training is critical to enabling you and your IT staff to connect with users and help them make the right security decisions all of the time. This isn't a one and done deal, continuous training and simulated phishing are both needed to mobilize users as your last line of defense. Request your one-on-one demo of KnowBe4's security awareness training and simulated phishing platform and see how easy it can be!

Save My Spot!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:


Subscribe To Our Blog

Ransomware Hostage Rescue Manual

Get the latest about social engineering

Subscribe to CyberheistNews