FRB – Issued Cybersecurity and Financial System Resilience Report

September 24, 2021 – Report outlines FRB policies and procedures for cybersecurity risk
management, supervisory, coordination, internal practices to monitor and assess cyber threats.
Highlights expectations for firms to manage third-party service providers. Supplemented by
interagency supervision of industry third-party technology providers.

Cyber Threat Landscape: Lists Fed assessment of current/emerging cyber threat landscape in financial services.
Four themes: malware, supply chain risk, denial of services, and attack sophistication. First, financial firms face
constant threat of malware attacks, that have evolved into complex threats such as ransomware-as-a-service (RaaS) involving
multiple actors. Franchise nature of RaaS new threat model allows low-tier actors to engage in attacks. Second, supply chain
risk where third party, vendor may serve as inception point for infiltration, specifically automated software updates may be
the launchpad for breach. Third, distributed denial of service (DDoS) threatens disruption of services that can create systemic
risk across market participants, both institutional and retail in nature. May be perpetrated by nation-state groups as attempt
to convey political statements. Finally, sophistication of actors, specifically shared communications between actors.
Usually conveyed via dark web, that have accelerated complexity of environment. Allows actors to increase efficiency of
services, share best practices, go dark quickly.

For more information, visit www.federalreserve.gov.

Discover More Regulatory Insights

Visit the AxiomSL resource center for recent Regulatory Changes for financial institutions, InsideView Blog, and Thought Leadership.



We use cookies in order to give you the best possible experience on our website. By continuing to use this site, you agree to our use of cookies.
Accept