What do the Bangladesh central bank and your third-party vendors have in common? They need to be taking steps to protect themselves and customers from cyber attacks.
The threats are real. Earlier this year hackers stole $81 million from Bangladesh’s Federal Reserve Bank of New York account via the Swift international fund-transfer network—with aims of stealing $1 billion, American Banker reports. Other institutions have fallen victim, including those in Ecuador, Vietnam and the Philippines, Reuters reports. In May the FBI issued a private alert warning American institutions to be aware of a “malicious cyber group,” the news service says.
What does this have to do with your third-party vendors? Everything.
As a result of these attacks, the Federal Financial Institutions Examination Council (FFIEC) released a statement on June 7 highlighting best practices for cyber risk vulnerability management “to remind financial institutions of the need to actively manage the risks associated with interbank messaging and wholesale payment networks.”
One of the statement’s most common refrains: stay on top of third-party vendors. It’s mentioned five times in the five-page document.
What should institutions be doing? The statement recommends these five vendor management best practices.
While none of these requirements are new, the statement is an important reminder that proper vendor management is critical to limiting third-party risk and blunting the impact of growing cyber threats. Vendor management is far more than mitigating the risk of an examiner’s negative finding. Appropriate vendor management helps decrease the risk of major cyber security breaches.
Make sure you have a strong system for ensuring your vendors can detect and fend off cyber attacks—their IT practices are just as important as your own.