The Federal Financial Institutions Examination Council (FFIEC) this week warned financial institutions about the growing frequency and severity of cyber attacks involving extortion.

In a statement putting banks and credit unions on the alert against these types of attacks, the FFIEC said, “Cyber attacks against financial institutions to extort payment in return for the release of sensitive information are increasing. Financial institutions should address this threat by conducting ongoing cybersecurity risk assessments and monitoring of controls and information systems.”

In addition to having business continuity plans in place to respond to attacks of this nature, the council also advises that financial institutions:

• Securely configure systems and services.
• Protect against unauthorized access.
• Perform security monitoring, prevention and risk mitigation.
• Update information security awareness and training programs, as necessary, to include cyberattacks involving extortion.
• Implement and regularly test controls around critical systems.
• Participate in industry information-sharing forums.