Skip to content

You can’t outsource Infosec responsibility

Question: 
We have engaged an external IT security company to provide strong security for us. Do we still need a cyber incident response plan?
Answer: 

Yes. In addition to being a regulator expectation, banks do need a tested “what if” plan in place. What if the cyber-attack circumvents the providers’ security? What if an internal employee opens an infected email and infects the bank’s network? What if hackers gain access and attempt to transfer funds using your own payments platform? There are a lot of “what ifs” we need to be prepared for.
Technology security providers can help protect you to an extent, but we’ve seen these attacks grow in sophistication and criminals get around even very strong security. The Plan is designed to help Operations process in a secure environment when other security measures fail.

--------

Learn more about Rayleen's webinar Cyber Attacks: What Ops is doing now.

First published on 02/28/2016

Filed under: 

Banker Store View All

From training, policies, forms, and publications, to office products and occasional gifts, it’s available here:

Banker Store

hot right now

image description

Looking for effective, convenient training on a particular subject?

BOL Learning Connect offers more than 200 courses ON-DEMAND or on CD ROM from AML to Reg Z and every topic in between.

Search Topics