FFIEC Statement on Cyber Extortion
Cybercriminals are using ransomware, DDOS, theft of customer information and more to extort funds or require certain actions from financial institutions.

FFIEC guidance outlines some very specific steps you can take to understand and mitigate these risks.

The FFIEC recently released a joint statement to notify financial institutions of the increasing frequency and severity of cyber attacks involving extortion. Cybercriminals are using various strategies such as ransomware, distributed
denial of service (DDOS) and theft of sensitive customer information to extort funds or require certain actions from targeted financial institutions. Some institutions have experienced severe disruption to customer facing systems, internal business interruptions
and loss of customer data. There is additional reputational risk with unavailability of banking services and data breach notification processes.


FFIEC guidance outlines some very specific steps that financial institution can take to understand and mitigate these risks. The following items will be discussed in detail:

  • Conduct ongoing information security risk assessments
  • Securely configure systems and services
  • Protect against unauthorized access
  • Perform security monitoring, prevention, and risk mitigation
  • Update information security awareness and training programs, as necessary, to include cyber attacks involving extortion
  • Implement and regularly test controls around critical systems
  • Review, update, and test incident response and business continuity plans periodically
  • Participate in industry information-sharing forums

We will explore how to implement a strategy for each of these FFIEC controls to ensure your institution has taken appropriate steps to address Cyber Extortion. As cybercrime continues to evolve, we must evolve our risk management and security practices to adapt to the new environment we do business in.


Senior management, IT officers, security officers, operations officers, risk managers, auditors and compliance officers.


Dr. Kevin Streff, Secure Banking Solutions (SBS) Dakota State University

  • Spoken for many bank trade association conferences as keynote, performed education at FDIC University, and testified to congress on cyber security in financial institutions
  • Former Director and current Associate Professor of DSU National Center of Excellence in Information Assurance
  • Founder and President of Secure Banking Solutions
  • Faculty member of the University of Wisconsin Graduate School of Banking
  • Founder and past President of InfraGard-South Dakota

Credit Information

Institute of Certified Bankers: Visit http://www.icbmembers.org/login.aspx for instructions regarding self-reporting. Estimated credits: 2 hours/session


Live Webinar:

Member price: $275.00 | Non member price $550.00

On-Demand Webinar

Member price: $295.00 | Non member price $560.00


Online: Visit the CBA Webinar Catalog

Mail: Click here and mail completed form with check payable to ConferenceEdge to: (Mail at least 10 days prior to event)

1516 Xavier St., Ste 500, Denver, CO 80204

Phone: Call ConferenceEdge at (877) 988-7526 (credit card payments only)

Please Note:

  • Preferred Payment Method: Online
  • Please register online or by phone when paying with a credit card
  • Payment Must Accompany Registration – Invoices are Not Provided

Register online up to day of event. Earlier registration allows time to check your computer for an optimal experience.