The FDIC provides cybersecurity awareness resources for financial institutions that credit unions can use to assess their risks and responses to threats. Within these, is a Community Bank Cyber Exercise that includes videos depicting unique security scenarios. The videos provide discussion topics on operational risk issues and the potential impact of information technology disruptions on common banking functions.

The series consists of seven short video vignettes and related challenge questions. The challenge questions for each vignette are designed to help bank management and staff think about how they would respond to the scenarios. Also included are lists of reference materials participants can turn to for more information.

• Vignette 1 – Item processing failure: A new item processing service provider cannot process the volume of transactions generated by the bank.
• Vignette 2 – Customer Account Takeover: Unauthorized withdrawals are detected in a corporate customer’s account.
• Vignette 3 – Phishing and Malware Problem:  Phishing email is opened by a bank employee, and the bank’s network is infected with malware.
• Vignette 4 – Technology Service Provider Problem: Problems occur after the financial institution’s service provider performs an update.
• Vignette 5 – Ransomware: A cyber-attack has taken place. Word processing files are being held for ransom.
• Vignette 6 – ATM Malware: An ATM virus reveals deficiencies in a bank’s service provider contract.
• Vignette 7 – DDoS as a Smokescreen: While the IT manager investigates a possible DDoS attack, a second attack exfiltrates data from the institution.