Joint Statement on Cyber Attacks Involving Extortion

The FFIEC issued a Statement notifying financial institutions of the increasing frequency and severity of cyber attacks involving extortion. The Statement does not contain any new regulatory expectations.


Credit unions should develop and implement effective programs to ensure they are able to identify, protect, detect, respond to, and recover from these types of attacks. The Statement recommends that financial institutions consider taking the following steps:

  • Conduct ongoing information security risk assessments
  • Securely configure systems and services
  • Protect against unauthorized access
  • Perform security monitoring, prevention, and risk mitigation
  • Update information security awareness and training programs, as necessary, to include cyber-attacks involving extortion
  • Implement and regularly test controls around critical system
  • Review, update, and test incident response and business continuity plans periodically
  • Participate in industry information-sharing forums

Joint Statement on Cyber Attacks Involving Extortion

Leave a Reply

Your email address will not be published.