Fed Report Tags Ransomware, DDoS as Key Cybersecurity Issues for Financial Sector

The Federal Reserve Board said in its annual Cybersecurity and Financial System Resilience report that ransomware attacks are a key issue that the U.S. financial sector is facing.

According to the Fed’s report, ransomware has become one of the more persistent issues, especially with attackers automating the threat and turning it into an as-a-service offering. RaaS involves threat actors licensing the use of their software to other malicious actors for a fraction of the ransom.

Other top IT security threats are nation-state-sponsored incursions, third-party access and distributed denial-of-service, SC Media reported Tuesday.

The Fed said DDoS attempts have been prevalent over the years, but strong mitigation and protection services have prevented or significantly reduced risks to banks, third-party organizations and other financial institutions.

The agency also pointed out that threat actors are becoming more skilled in their attacks. The skill level, paired with improved third-party software and software-as-a-service offerings, puts the banking sector at a greater risk of being hit.

With the rise of cyber threats, the Fed has been more proactive in working with financial regulators to maintain and improve cybersecurity practices. It has constantly communicated with the Office of the Comptroller of the Currency and the Federal Deposit Insurance Corp. to conduct and coordinate cyber reviews.

The financial regulatory body recommended in its report that FIs improve staffing, training and resources for bank examiners and establish best practices and procedures to maintain good cybersecurity hygiene.