Financial services companies handle large amounts of personal and financial data, which is a valuable target for criminals. As a result, these institutions face a host of significant cybersecurity threats from various domestic and foreign threat actors. Ransomware remains the dominant and potentially most impactful threat to financial services companies, although attackers continue to utilize denial-of-service attacks, phishing, spoofing, identity-based attacks, and exploitation of unpatched vulnerabilities to create disruption in supervised institutions. In addition, institutions face ongoing risks associated with incidents impacting critical third-party service providers and other vendors.
CSBS supports adoption of robust state data security laws, develops cyber exam resources, and provides numerous training opportunities for state examiners. CSBS also facilitates collaboration between state regulators and the federal banking agencies, the Department of Treasury, law enforcement agencies, and other partners to help address the needs of the financial services industry against these multi-faceted cybersecurity threats.
The Federal Financial Institutions Examination Council (FFIEC) today issued a new booklet to help examiners assess information technology practices. The “Development, Acquisition, and Maintenance” booklet provides examiners with fundamental examination expectations regarding entities’ development and acquisition planning and execution, governance and risk management, and maintenance and change management practices. It
The CSBS Nonbank Model Data Security Law leverages the FTC Safeguards Rule to establish a robust framework for nonbank financial institutions to mitigate cyber threats, prevent data breaches, and uphold the integrity of the financial system.