Watchdog warns FDIC fails to test banks’ cyberdefenses effectively

[Yamane_Keto]

The FDIC is the independent government agency responsible for monitoring the health of commercial banks and savings banks across the U.S. In its report, the organizations’s watchdog found that information used in InTREx was outdated, and that in some cases agency examiners were not completing tests.

Advertisement

In addition, the study found that staff were not being kept abreast of latest cyberthreat updates, and that no training for examiners was offered to reinforce InTREx procedures. According to the OIG, unclear procedures have also led to InTREx examiners failing to file exam work papers properly.

After carrying out its assessment, the FDIC watchdog has recommended the agency take 19 steps to remedy its concerns with the program. The FDIC has said it will carry out 14 of the 19 recommendations by the end of this year, but the watchdog says that actions taken by the agency to address its remaining five concerns have not been sufficient.

Last year, the FDIC’s then-CIO Sultan Meghji resigned from his post at the agency, and outlined his rationale for leaving in a blistering Op-Ed published by Bloomberg News. He said that he received resistance from staff at the agency in response modernization efforts such as ending the use of fax machines and physical mail, and criticized the knowledge and open-mindedness of staff.

The latest report comes amid a wider debate about how private sector entities are held to account for poor cybersecurity practices. In an Op-Ed published in Foreign Affairs on Wednesday, Cybersecurity and Infrastructure Security Agency Chief Jen Easterly called on the commercial sector to work to ensure that strong cybersecurity is the cornerstone of every product, and to elevate cybersecurity to a board-level concern.

https://cyberscoop.com/watchdog-warning-fdic-cybersecurity/

This is why we need bitcoin and another reason to replace your bank account.
If this is the case for banking services in the United States, which has advanced laws related to cyber security, what about the rest of the countries?
Do you trust the cyber security of banking services in your country?


- Yamane

[1714218327]

1714218327

[1714218327]

1714218327

[1714218327]

1714218327

[Hydrogen]

The rise of unknown and undocumented zero day attacks, along with state sponsored cyber crime have greatly complicated key infrastructure and institutions being able to secure themselves adequately.

FDIC merely provides insurance and oversight for the banking industry. Their expertise isn't really grounded in preventing north korea from breaching critical equipment and accounts.

When Kevin Mitnick wrote his first few books in the early 2000's, it was claimed roughly 80% of businesses with an internet presence were subject to being electronically compromised in one way or another. Not certain what the statistics are now. But with the introduction of ransomware and expansion of markets for zero day vulns, it is possible things have become progressively worse now.

If anyone has any bright ideas on how to fix things, I'm sure there are a lot of people in the world who would like to hear about it.

[Yamane_Keto]

If anyone has any bright ideas on how to fix things, I'm sure there are a lot of people in the world who would like to hear about it.

The problem, in my opinion, is that these attacks have become supported by countries, and those countries have sufficient resources to precipitate these effective attacks and may be harmful to many countries.
It is not like in the past when the Internet was not the backbone of the economy.
The term globalization and the fact that the final product can be manufactured in a number of countries makes the possibility of adding parts to hardware parts an additional problem.

- Yamane

[Gyfts]

These economic institutions don't take cyber security seriously because they expect the federal government to jump in should any of their systems be compromised and client funds get stolen. There's already been countless data breaches, probably being used for espionage or terrorism, and seemingly the FDIC still finds banking systems to be subject to attack. I wouldn't say the U.S. has advanced cyber security laws because the U.S. congress themselves are technologically inept unable to piece together legislation that would protect consumers. And of course the banking lobbyist would push back against any regulations that would force banks to increase their cyber security costs.