June 12, 2013
OCC Holds Web Conference for Community Banks on Cyber Threats
WASHINGTON — The Office of the Comptroller of the Currency (OCC) yesterday held a webinar on cyber threats and vulnerabilities to raise awareness for community banks.
This webinar was part of the OCC’s outreach efforts to raise awareness by federally chartered banks and thrifts of the growing operational risks from cyber attacks.
“The Evolving Cyber Landscape: Awareness, Preparedness and Strategy for Community Banks” webinar discussed current threats and vulnerabilities; how the OCC and other government entities are partnering to address these threats; and practical advice for community bankers on protecting their banks and customers.
“The OCC is committed to doing everything we can to increase awareness of the institutions we regulate and to provide appropriate guidance and supervision to enable them to protect themselves against the growing cyber threat,” said Comptroller of the Currency Thomas J. Curry. “Through our supervisory activities and outreach efforts such as this webinar, we’re working to ensure banks and thrifts are in the best position to identify operational risk, bolster their risk management systems, and ensure a safe banking system for their customers.”
More than 1,000 community bankers participated in the webinar, which highlighted cyber threats and vulnerabilities and the financial sector’s public-private partnership to improve the security and resilience of the financial sector.
The webinar stressed the importance that managing the risks posed by cyber threats and vulnerabilities is not just a technology issue. Senior management needs to be engaged to set the “tone from the top” and ensure they approach preparedness as a bank-wide endeavor and consider the risks from cyber threats when contemplating strategic business decisions. The webinar also provided community bankers with practical advice to combat cyber threats, to include identifying, monitoring, and responding to cyber threats and vulnerabilities and implementing controls to manage risk.
Existing regulatory guidance addresses actions banks should take to help mitigate the risks associated with information security. The Information Security booklet of the FFIEC Information Technology Examination Handbook (IT Handbook) discusses the overall management of information security-related risk. Guidance addressing attacks against customer accounts is contained in the FFIEC’s Authentication in an Internet Banking Environment, issued in 2005 and its Supplement published in 2011. Additional OCC guidance can be found in OCC Bulletins 2005-13 on incident response, 2008-16 on application security, and OCC Alert 2012-16 on distributed denial of service attacks and customer account fraud.