
Banks must notify customers of threats

FDIC Rule to Notify Customers After Breach of Systems

Financial malware hits institutions and individuals


Zoe Landi Fontana, The Weekly Journal @Landi_Zoe

As of May 1, the Federal Deposit Insurance Corporation (FDIC) will require that all banks notify their customers of any breach or hack of their systems within 36 hours. This move follows an increase in regulatory and federal efforts to standardize the procedures and time frames in which institutions report incidents.

Among banks and businesses alike, rates of digitization have been increasing. With this comes the necessity to address all possible implications for the future of cybersecurity.


“One of the key steps FDIC-sponsored organizations can do other than monitoring the amendment status is to take inventory of their current incident reporting processes and timelines,” said Davie Murphy, Manager of Cybersecurity at Schneider Downs. “While the amendment is in the proposal state, these organizations need to know where they stand now so they can gauge the number of work/changes they will need if the amendment is approved.”

A 2022 report by McKinsey & Company predicts annual costs related to cybercrime to increase by 15% annually, reaching $10.5 trillion a year by 2025. The same report projects spending on cybersecurity providers to hit $101.5 billion by 2025 as well.

Zoimé Álvarez Rubio, Executive Vice President of the Puerto Rico Bank Association (Spanish acronym, ABPR) expressed the following to THE WEEKLY JOURNAL: “Puerto Rico has a strong, transparent, and highly regulated commercial banking industry. Our bank is federated and is governed by the laws and regulations applicable at the federal level, as well as state. Many of these regulations respond to consumer protection and the healthy administration of institutions, ensuring the safety, soundness and liquidity of the banking system.”

Protecting Users

“It is important that, regardless of any notification by the institutions about a cyber attack, the client carries out a constant monitoring of their accounts to report any suspicious activity that is reflected in them,” commented Álvarez.

Financial malware, a term used to describe malicious software that targets financial institutions, can take many forms, yet phishing remains one of the most common. Although the tactic may seem overly simplistic, it is exactly that quality that makes it such an effective technique.

Kaspersky Labs, a cybersecurity and antivirus provider, detected over 250 million attempts on user computers to follow a phishing link. Of these, an estimated 41.8% targeted users’ finances: online banking, payment systems, and e-commerce.

To avoid fraud and scams, the FDIC recommends the following tips:

Be wary of emails or text messages that require following a link. Clicking the link could lead to the installation of malware, which allows thieves to gain access to sensitive information.

Any email or phone requests to update personal information should be treated with suspicion. Legitimate organizations will not ask for information using an unsecured method, as they already have the user’s personal information in their system.

If an offer seems too good to be true, requires fast action, or asks for funds to be sent quickly by wire transfer, it is most likely a scam.

Be on the lookout for disaster-related financial scams. These types of scams target victims of catastrophic events (fires, hurricanes, earthquakes) by pretending to be representatives of a charitable organization, while in reality, they endeavor to steal money or personal information.
