Banks are a prime target for cyberattacks. They store and process a large volume of confidential data, including their clients' personal information, account information, and other sensitive records. For bank leaders, it is important to understand the unique challenges and regulations you must meet to protect this data. Attacks range from malware, phishing, or DDoS to sophisticated compound attacks that combine multiple methods at once to infiltrate the organization and compromise its security. You must be prepared to prevent, detect, and remediate any potential security incident.
Since 1999, financial organizations have been required to develop information security programs under the Gramm-Leach-Bliley Act (GLBA). They must evaluate and manage cyber risk as part of their overall business risk and develop safeguards to protect customers' personal and financial data. Penalties for failing to comply with GLBA can be up to $100,000 per violation, with officers and directors also personally liable for fines of up to $10,000 per violation.
Compliance with GLBA is largely overseen by the Federal Financial Institutions Examination Council (FFIEC), which designs and supervises audits for covered organizations. The council also publishes an IT Examination Handbook detailing the IT security controls organizations should use to protect data. The handbook covers areas including an inventory of devices and network maps, the capability to detect and patch vulnerabilities, security monitoring and incident response, access controls, system hardening, and other aspects.
For a brief overview of the requirements and areas where Cygilant can help, download our FFIEC Workbook.