What is Cybersecurity?
Cybersecurity is the body of technologies, processes and practices designed to protect networks, computers, programs and data from attack, damage or unauthorized access.
April 2021 - Cybersection - The Quarter Newsletter (PDF)
- Department reminds firms to contact regulators with issues related to SolarWinds Breach
- CISA: CHIRP IOC Detection Tool
- Microsoft Exchange Cyber Attack
- Ransomware Self-Assessment Tool
March 26, 2021 - NEW ALERT:
CISA has issued a new alert for detecting post-compromise threat activity using the CHIRP IOC Detection Tool. The tool assists network defenders with detecting activity related to the supply chain compromises affecting SolarWinds and Active Directory/Microsoft 365. Access the alert here: https://us-cert.cisa.gov/ncas/alerts/aa21-077a
March 16, 2021 – UPDATE: Microsoft Exchange Server Vulnerability
CISA has updated Alert AA21-0762A regarding the Microsoft Exchange Server Vulnerability with further guidance. The updated Alert may be found here: https://us-cert.cisa.gov/ncas/alerts/aa21-062a
March 2021 - Microsoft Exchange Server Vulnerability
CISA Emergency Directive 21-02: The Cybersecurity & Infrastructure Security Agency (CISA) has issued Emergency Directive 21-02 regarding Microsoft Exchange On-Premises Product Vulnerabilities. Additional information may be found here. https://www.cisa.gov/ed2102. All institutions should be assessing their own and vendor exposure to the Microsoft Exchange vulnerability and taking necessary mitigation steps.
February 2021 - Ransomware
Bankers Electronic Crimes Taskforce (BECTF), State Bank Regulators and the United States Secret Service have developed a Ransomware Self-Assessment Tool. The tool was developed to help financial institutions assess their efforts to mitigate risks associated with ransomware and identify gaps for increasing security. This tool provides executive management and the board of directors with an overview of the institution’s preparedness towards identifying, protecting, detecting, responding, and recovering from a
For more information click here.
January 2021 - Cybersection - The Quarter Newsletter (PDF)
Cybersecurity ALERT: SolarWinds Orion Platform Software IT Incident
December 2020 - Alert - SolarWinds Orion Platform Software IT Incident
On December 13, 2020, the Cybersecurity and Infrastructure Security Agency (CISA) issued an alert regarding an active exploitation of SolarWinds Orion Platform. See https://us-cert.cisa.gov/ncas/current-activity/2020/12/13/active-exploitation-solarwinds-software. All financial institutions should be assessing the risk to their systems and implementing necessary remediation measures.
Financial Institutions are encouraged to obtain updates and threat and vulnerability information from the Cybersecurity and Infrastructure Security Agency at http://www.cisa.gov or through the Financial Services Information Sharing and Analysis Center (FS-ISAC) at http://www.fsisac.com.
Below are links to additional resources financial institutions may refer to as they conduct their risk assessments and determine applicable remediation steps.
October 2020 - Cybersection - The Quarter Newsletter (PDF)
FinCEN Issues Advisory on Ransomware
- FTC Data Shows Big Increase in Social Media Scams
- Stay Vigilant Online
- NIST: Integrating Cybersecurity and Enterprise Risk Management (ERM)
- Consumer Cybersecurity Tips
- FBI - Increased Use of Banking Apps Could Lead to Exploitation
- Tips to Avoid Coronavirus Financial Scams, Investment Schemes
- Stimulus Payment Phishing Scams
- Strategies to Help Pennsylvanians Protect Themselves Online and on the Phone
- Essential Elements of a Culture of Cyber Readiness
- Essential Actions for Building a Culture of Cyber Readiness
- Protect Yourself Against Ransomware
- Your Voice Counts! Social Media Feedback
April 2019 - Cybersection - The Quarter Newsletter (PDF)
- NIST Launches Cybersecurity Website for Small Biz
- State Regulators Appeal to Congress on Marijuana Banking Fix
- FINRA Issues Cybersecurity Practices Report for Broker-Dealers
- PA Supreme Court Holds Businesses Have Legal Duty to Safeguard Employee Information
- DOBS Staff Recognition
October 2018 - Cybersection - The Quarter Newsletter
- Personally Identifiable Information
- Free Cybersecurity Assessments, Services Available
- Position Issued on Use of Investor Client Username, Passwords
DoBS Cybersecurity Efforts Expand
Third-Party Risk Management
- Cyber Insurance: Right for Your Company?
Department Issues Cybersecurity Guidance
November 2017 - Secretary's Letter on Cybersecurity
Cybersecurity continues to be a top priority of the department, as it should be for every financial services institution and business. The department continues to develop and share resources available to companies and organizations to assist them in developing strong practices to address cybersecurity threats.
October 2017 - Cybersection - The Quarter Newsletter (PDF)
New Cybersecurity Resource to Protect Pennsylvanians
NIST Cybersecurity Guidance for Small-Business Owners
2016 - Cybersecurity Year in Review
Personal Identifiable Information
- Cybersecurity Awareness Month
Finance and Technology
National Cyber-Forensics & Training Alliance
New Video to help Consumers
October 25, 2016
FinCEN Issues Advisory to Financial Institutions on Cyber-Events and Cyber-Enabled Crime (PDF)
The Financial Crimes Enforcement Network (FinCEN) issued an advisory to financial institutions on cyber-events and cyber-enabled crime. Cybercriminals target the financial system to defraud financial institutions and their customers and to further other illegal activities. Financial institutions can play an important role in protecting the U.S. financial system from these threats. In addition to the advisory, FinCEN also issued Frequently Asked Questions (FAQs) (PDF) regarding the reporting of cyber-events, cyber-enabled crime, and cyber-related information through Suspicious Activity Reports.
October 2016 - Secretary's Letter on Cybersecurity
The Department continues to work collaboratively with federal regulators, other states' financial regulators, and other Commonwealth agencies to address cybersecurity challenges.
October 2016 - FFIEC Announces it will host two webinars in observance of Cybersecurity Awareness Month. Register for the webinars here.
September 2016 - The FFIEC issued a Revised Information Security Booklet on September 9, 2016, which is part of the FFIEC Information Technology Examination Handbook.
- A Presidential Policy Directive (PPD-41) released on July 26, 2016, sets forth principles governing the federal government’s response to any cyber incident, whether involving government or private sector entities. For significant cyber incidents, PPD-41 also establishes lead federal agencies and an architecture for coordinating the broader federal government response.
Presidential Policy Directive - United States Cyber Incident Coordination
June 2016 - FFIEC issues Joint Statement on Cybersecurity of Interbank Messaging and Wholesale Payment Networks FIL-37-2016
April 2016 - Cybersection - The Quarter Newsletter (PDF)
January 2016 - Cybersection - The Quarter Newsletter (PDF)
- Federal Resources for Businesses
Patch-Management and Software Security Precautions
- Federal Regulators Release Revised Management IT Booklet
Data Breach Protocol
Cybersecurity Act of 2015
DOBS Staff Recognized at PA Digital Government Summit
Cybersecurity Task Force Announced
September 2015 - Cybersecurity Efforts and Resources (PDF)
A letter from the Secretary of Banking and Securities to all state-chartered and licensed entities announcing the formation of a Cybersecurity Task Force, describing Commonwealth cybersecurity efforts, and encouraging the development of cybersecurity attack prevention and mitigation plans using available and recommended resources.