After noticing an increased “frequency and severity” in the number of hackers attempting to extort financial institutions, U.S. financial regulators have put out a serious warning to banks and credit unions to keep their networks protected from unauthorized access.
As The Wall Street Journal reported Tuesday (Nov. 3), the Federal Financial Institutions Examination Council (FFIEC) is just one of a series of regulators that have issued warnings about extortion cyberattacks.
“Cyberattacks against financial institutions to extort payment in return for the release of sensitive information are increasing. Financial institutions should address this threat by conducting ongoing cybersecurity risk assessments and monitoring of controls and information systems,” FFIEC said in a press release.
“In addition, financial institutions should have effective business continuity plans to respond to this type of cyberattack to ensure resiliency of operations.”
FFIEC’s statement highlights resources institutions can use to mitigate the risks associated with cyberattacks and provides steps to take in response to these attacks.
The trend of hackers resorting to extortion and threats of cyberattacks in order to get financial companies to pay up continues to grow, mostly because, in many cases, it’s working.
Since April, more than 100 big banks and brokerages have received distributed denial of service (DDoS) threats, the Federal Bureau of Investigation Agent Richard Jacobs told MarketWatch earlier this year.
Hackers issue these threats by demanding companies pay a certain amount of money, which typically runs in the tens of thousands of dollars, or risk their websites being jammed up with traffic and rendered useless.
In some cases, the companies that pay hackers to back down end up becoming even bigger targets because they show a willingness to engage. But if firms are able to trace back the threats, they may be able to determine how likely the criminals are to follow through if their demands are not met.
“There are some groups who typically will go away if you don’t pay them, but there’s no guarantee that’s going to happen,” Jacobs told MarketWatch, noting that not all of the companies that are targeted will actually experience attacks.
According to information services and analytics company Neustar, a distributed denial of service outage could result in the loss of more than $100,000 an hour for targeted companies in the financial sector.
To check out what else is HOT in the world of payments, click here.