Last month, the FFIEC issued an FAQ about its Cybersecurity Assessment Tool, reiterating that use of the tool is voluntary. But some critics say regulators are still questioning institutions about their use of the tool during IT examinations, meaning its use is not truly voluntary.
The FFIEC's Cybersecurity Assessment Tool needs to be redesigned, as the tool's current design sets institutions up for cyber-risk assessment failure. Industry leaders say they're hopeful that change is on the way because the FFIEC is reviewing a second wave of comments about the tool's efficacy.
In the wake of the breaches suffered by JPMorgan Chase, Sony and Anthem, attack attribution and information sharing are playing more prominent roles for banking leaders, and they will be key discussion points at the upcoming RSA Conference 2015 in San Francisco.
Could too much regulatory oversight hinder cyberthreat information sharing, rather than encourage it? That's an increasing concern for bankers, who argue regulators could bog down progress in cybersecurity.
Our inaugural Fraud Summit on Oct. 22 at the Meadowlands in New Jersey will feature an impressive lineup of information security leaders offering timely insights about practical risk mitigation strategies.
Preliminary results of the 2013 Faces of Fraud Survey show institutions are still suffering big financial losses linked to ACH and wire fraud. Why are they still getting hit, in spite of investments to detect and prevent account takeover?
Despite what's now been a two-month break from hacktivists' DDoS attacks on banks, we can expect more assaults from Izz ad-Din al-Qassam Cyber Fighters. And this next wave should concern us all. Here's why.
What can U.S. and European organizations learn from Asia-Pac about advanced mobile tech and increasing cyberthreats? That's a question I hope to answer while in Singapore for RSA Conference Asia Pacific 2013.