New FFIEC Guidance Highlights Mobile Banking Risks

Posted by Greg Mancusi-Ungaro

Thu, Jun 09, 2016

The FFIEC has just published new examiner guidelines focused on institutional risks arising from mobile banking technologies and practices. Financial Institutions are now likely to face tough questions about their security practices around mobile apps, and mobile banking websites and infrastructure. This new guidance applies to all FDIC institutions, including those with assets less than $1Billion.

From the April FFIEC Guidance on Mobile Banking:
  • The appendix emphasizes an enterprise-wide risk management approach for effectively managing and mitigating the risks associated with mobile financial services.
  • The appendix discusses the technologies used in the mobile delivery channel, elevated risks that may result, and appropriate controls implemented by institutions or third-party providers.
  • The appendix contains a work program to assist examiners in determining the risks posed by an institution’s mobile financial services and assessing the controls that have been implemented to mitigate those risks.

For the first time, the FFIEC is emphasizing that institutions gain visibility to and understanding of ALL mobile apps and mobile banking infrastructure that appear to be related to the institution. Some of these will be legitimate, implemented and authorized by the institution. But others will have been deployed by cyber criminals to attack the institution, the institution's customers, and the institution's partners.To help CISOs and security teams better understand the guidance, and to provide useful strategies for addressing these new security requirements, BrandProtect subject matter expert Dylan Sachs will review the recent guidance in a free one-hour webcast schedule for June 23, 2016 from 1:00 - 2:00 p.m.

Read More

Topics: mobile app monitoring, cyber threats, Chief Security Officer, bankSMART, FFIEC

BrandProtect Anti Phishing Adds MX Record Monitoring.
CISOs: Why This Matters To You.

Posted by Greg Mancusi-Ungaro

Thu, Mar 24, 2016

Over the past 18 months there has been a phenomenal increase in the frequency of socially targeted email attacks. 

The FBI recently reported that global losses related to these Business Email Compromise (BEC) scams experienced a 270% increase from January to August 2015. These kinds of attacks do real damage, including the compromise of internal networks, the inappropriate disclosure of company IP or PII, the incorrect transfer of funds from the company treasury, to name a few of the most common outcomes. Hundreds of millions of dollars have been stolen through these schemes, directly affecting corporate bottom lines.

In these sophisticated attacks, employees, and/or business partners are targeted

Read More

Topics: Identity Theft, Domain Management, cybersquatting, Phishing, cyber threats, online risk, Spear Phishing, CISO, CSO, FFIEC

Subscribe to our weekly CyberThreat Digest

Each week, our Cyber Threat Analyst team prepares a digest of the latest cyber threat news and alerts. Subscribe today and begin receiving it on Monday.

 Get the Weekly CyberDigest

 

Subscribe to receive a weekly summary of our latest posts

Posts by Topic

see all