FFIEC Updates Cybersecurity Resource Guide to Include Ransomware Resources
The Federal Financial Institutions Examination Council ("FFIEC") updated its Cybersecurity Resource Guide for Financial Institutions, which includes resources for identifying and responding to ransomware attacks. In connection with FFIEC's updated guide, the FDIC issued a Financial Institution Letter applicable to all FDIC-insured financial institutions.
FFIEC's guide provided the following a list of resources that financial institutions can utilize to "strengthen[] their resilience to cyber threats":
Assessments
-
Cybersecurity and Infrastructure Security Agency ("CISA") Cyber Resilience Review
-
Information and Communications Technology Supply Chain Risk Management Toolkit
-
National Institute of Standards and Technology Cybersecurity Framework
Exercises
Information Sharing
Response/Reporting
Ransomware
-
CISA Cyber Security Evaluation Tool: Ransomware Readiness Assessment
-
Conference of State Bank Supervisors Ransomware Self-Assessment Tool
The list of resources provided by FFIEC are optional tools and financial institutions aren't required to utilize them.