
22 Jan, 2018

More Threats + Increased Complexity. What Is Your Bank’s Answer?

Overview

More cyber threats and increased complexity equal greater risk and enhanced regulatory scrutiny of the CEO and Board.

That essentially summarizes not only the OCC’s recently released Semiannual Risk Perspective for Fall 2017, but also the challenges all banks face in 2018, regardless of their regulator.

The speed and sophistication of cyber threats are rapidly increasing, and banks are relying more on vendors to provide critical services that the bank does not itself have the resources to provide. Cyber threats have become more severe, exposing banks to vulnerabilities that often result in fraud. Social engineering activities such as phishing are also on the rise, and many banks have unpatched or unsupported software, leaving them vulnerable to cyber attacks. Banks are depending on third-party service providers more than ever before, and consolidation has resulted in an increased reliance on a small number of vendors providing critical applications.

As a result of increasing cyber threats, growing reliance on vendors, and emerging new products and services offered through financial technology companies, heightened supervisory focus is warranted. Regulatory examiners are expected to place an increased emphasis on operational risk management practices during upcoming examinations.

Recommended Actions

  • Ensure that your bank has a well-established cyber response plan that has been tested and will support you if a cybersecurity breach occurs.
  • Designate personnel and assign key responsibilities in the event of a cyber breach.
  • Implement strong authentication and properly manage user access accounts.
  • Review your third-party risk management program to ensure that vendors are being properly supervised throughout the life cycle.

----

SOURCE
Office of the Comptroller of the Currency (OCC) - Semiannual Risk Perspective


Disclaimer

This publication attempts to provide timely and accurate information concerning the subjects discussed. It is furnished with the understanding that it does not provide legal or other professional services. If legal or other expert assistance is required, the services of a qualified professional should be obtained.
