To: Fast Facts List

Fast Facts: CYBER ATTACKS

Part 2: Protecting Financial Services
CONTEXT: While cyber attacks are a growing problem, the financial services industry has incredibly robust cyber protections in place. Over the past decade, the government and financial services industry have formed a strong public-private partnership to defend against such attacks. Cybersecurity measures are coordinated namely through each banks prudential regulator, but a host of other government entities are also involved, as you'll read about below. FACT: Financial services and government have codified cybersecurity standards for the industry, including: Gramm-Leach-Bliley Act Sarbanes-Oxley Act Fair and Accurate Credit Transactions Act Payment Card Industry (PCI) Data Security Standard FFIEC Information Technology Examination Handbooks FACT: Financial services institutions are regularly examined to determine their compliance with cybersecurity regulations and standards. FACT: By Presidential directive, all critical sectors are required to share threat intelligence through Information Sharing and Analysis Centers (ISACs). The Financial Services ISAC has been recognized as one of the most effective information sharing entities in operation. FACT: The Cyber Operations Resiliency Review (CORR), a service through Treasury and the Department of Homeland Security, (piloted through BITS and its members), provides cyber forensic specialists available to review financial networks for malicious activity. FACT: The Department of Homeland Security works to thwart financial cyber attacks by: Sharing cyber intelligence Running a formal security-clearance pilot program for the private sector Responding with help to companies that have been compromised.

FACT: The FBI fights cyber threats with the same seriousness and methods as terrorism threats, by working to cultivate the sources necessary to infiltrate criminal online networks, to collect the intelligences, to prevent the next attack, and to topple the network from inside. FACT: The National Security Agency, through its directive to protect national security information and information systems, works with partners across government and industry to provide security guidance. FACT: Financial services companies actively employ security measures and educate customers about how to be safe. Most of this work is proprietary, but a small number of examples include: Principal Financial deploys anti-virus software in email, Web and application services, as well as on all desktops. Intrusion detection systems monitor network traffic both to and from the Internet. In addition, they have an Information Security Incident Response plan that provides emergency procedures designed to quickly contain any virus. In 2012, U.S. Bank produced videos for the public about online banking security that have had over 10,000 views. Additionally, over the last year, U.S. Bank has taken down 224 fraudulent web sites used by cybercriminals to trick customers into giving them their log-in credentials and/or personally identifiable information. BB&T provides an education center specifically targeted to cybersecurity. The center, Security Central, is located at BBT.com/Security and is an education resource with information about how to stay safe online. The site presents user-friendly information through interactive games, informative podcasts, current security alerts, and more.

For more information about what financial services companies are doing to protect their customers, please contact BITS, the technology policy division of The Financial Services Roundtable, at www.bits.org or ann@fsround.org. Previous Fast Facts, including "Cyber Attacks: A Growing Threat," can be found at www.RoundtableResearch.org. For more information, please contact Abby McCloskey, Director of Research at the Financial Services Roundtable, at abbyresearch@fsround.org, or Scott Talbott, Senior Vice President of Government Affairs, at scott@fsround.org. Financial Services HOTLINE: If you have questions about this topic or any other issue facing financial services, please reach out to Abby directly at 202-589-2531. Learn more about the Financial Services Industry at www.OurFinancialFuture.com. OurFinancialFuture.com is continuously updated to bring you the most useful information about the industry in real-time.
1001 Pennsylvania Avenue, NW Ste 500 South

Washington, DC 20004 Direct: 202.589.2531 Website: www.fsround.org Visit www.RoundtableResearch.org to learn more about financial services and public policy.