The U.S. Federal Deposit Insurance Corporation (FDIC) has issued a cyberattack warning letter to all FDIC-supervised institutions -- which includes roughly 5,400 U.S. banks and financial services firms.
The letter outlines heightened cybersecurity risk considerations amid "increased geopolitical tensions" -- an apparent reference to turbulent U.S.-Iran relations.
The FDIC letter also features a link to a five-page statement that offers guidance for business resilience, authentication, system configuration, security tool use, data protection, and employee training.
As of the end of 2018, the FDIC provided deposit insurance at 5,406 institutions, Wikipedia says.
The FDIC statement is similar to a U.S. Department of Homeland Security (DHS) warning issued Saturday, January 4, 2020. The warnings reflect heightened international tensions after the United States launched a lethal strike in Iraq, killing Iranian IRGC-Quds Force commander Qassem Soleimani while Soleimani was in Iraq.
MSSP Alert Recommendations
The FBI and U.S. Department of Homeland Security have repeatedly warned MSPs and their technology platform providers about cyberattacks.
To get ahead of the threat, MSSP Alert and ChannelE2E have recommended that readers:
- Sign up immediately for U.S. Department of Homeland Security Alerts, which are issued by the Cybersecurity and Infrastructure Security Agency. Some of the alerts specifically mention MSPs, CSPs, telcos and other types of service providers.
- Study the NIST Cybersecurity Framework to understand how to mitigate risk within your own business before moving on to mitigate risk across your customer base.
- Explore cybersecurity awareness training for your business and your end-customers to drive down cyberattack hit rates.
- Connect the dots between your cybersecurity and data protection vendors. Understand how their offerings can be integrated and aligned to (A) prevent attacks, (B) mitigate attacks and (C) recover data if an attack circumvents your cyber defenses.
- Continue to attend channel-related conferences, but extend to attend major cybersecurity events — particularly RSA Conference, Black Hat and Amazon AWS re:Inforce. (PS: Also, keep your eyes open for PerchyCon 2020 in January.)