In today’s environment, financial institutions are attacked thousands of times a day. Unfortunately, a bad actor with the right amount of time, resources and motivation can breach any network, and new unidentified weaknesses in information systems are exposed every day. The question becomes when, not if, your institution’s information system will be breached.
The Federal Financial Institutions Examination Council (FFIEC) has developed a Cybersecurity Assessment Tool (CAT) to help financial institutions manage and evaluate their cyber risk. PBMares’ Cyber and Control Risk Services Team can assist you by:
- Identifying contributing factors and determining the organization’s overall cyber risk
- Assessing current cybersecurity preparedness and setting a target state of preparedness best aligned with the organization’s risk appetite
- Evaluating whether cybersecurity preparedness is aligned with its risks
- Determining risk management practices and controls needed or needing enhancement and actions to be taken to achieve the desired state
- Reviewing, approving, and supporting plans to address risk management and control weaknesses
- Overseeing the performance of ongoing monitoring to remain nimble and agile in addressing evolving areas of cybersecurity risk
To assist you in evaluating your IT and cybersecurity, PBMares has a dedicated cybersecurity team that provides the following services to help institutions establish, maintain and monitor information systems to minimize the threats posed by sophisticated cybercriminals:
- Cybersecurity Assessments
A cybersecurity risk assessment measures the value of the information you store on servers or in the cloud against the cost of restoring that information if it gets destroyed or stolen. Because the costs involved are not easily measured (e.g., the cost of restoring brand image and goodwill), assigning a dollar amount is a strategic decision.
- Vendor Management Reviews
Vendor management is a key concern for regulated industries, such as financial institutions. The critical issue is third-party risk. A vendor management review focuses on assessing, measuring, monitoring and controlling the risks associated with using outside vendors so you can feel confident you won’t have any unforeseen issues when seeking financing or facing regulatory examinations.
- External and Internal Vulnerability Assessments
Any person or business that uses a computer is vulnerable to cybersecurity threats. Because the threat can come from outside or inside sources, it is important to identify and prioritize the threats and risks to your organization. PBMares has the knowledge and expertise to assist your organization by performing comprehensive internal and external risk assessments and working with you to mitigate any problems the assessment uncovers.
- FFIEC IT General Controls Audits
Having strong, effective IT controls at financial institutions, including banks and credit unions, is regulated by the FFIEC. A general control audit needs to examine the institution’s internal controls. The auditor must test for items such as compliance with all laws and regulations and strict adherence to the institution’s policies and procedures.
- Information Systems and Security Reviews
Information systems and security reviews compare your company’s IT security systems with its stated policies and procedures to uncover risks that pose a threat to the security and integrity of your company’s network operations. In regulated industries, the review extends to compliance with all relevant laws and regulations. PBMares’ IT reviews are geared toward helping you discourage, prevent and detect security risks.
- Business Continuity Reviews
In this era of natural disasters and security breaches, businesses should consider having their IT infrastructure examined to detect any gaps that can affect business continuity should something happen. Generally, this type of review assesses how well an organization would be able to respond if any part of the system failed. As part of the review, the team tests incident response and technical disaster recovery plans and makes specific recommendations for reinforcing any weak points.
- Incident Response Reviews
Today’s financial institutions need to be prepared to respond to a potential security breach. Having an incident response plan in place helps ensure the situation will be handled quickly and with the least possible amount of damage. PBMares’ experts will help you design an incident response plan that includes stakeholders from all affected departments, from public relations to operations.