GAO Calls Out FDIC For Lax Infosecurity Measures

The Federal Deposit Insurance Corporation (FDIC) has drawn the ire of the Government Accountability Office (GAO) following an audit of the FDIC’s system this month.

A GAO report called the government corporation out for neglecting to use strong passwords, review user access and encrypt sensitive financial information. The report raises serious questions about the security of a key government regulatory body amidst reports of sophisticated attacks aimed at financial institutions.

GAO noted weaknesses in FDIC controls that attempt to segregate incompatible duties, manage system configurations, and implement patches, according to the report.

GAO recommended the FDIC work with the agency’s web service provider to enhance its information security measures, while the FDIC claims it has already taken strides to improve the security of its infrastructure.

The FDIC helps enforce banking laws and assess the stability of financial institutions.

Recent months have brought reports of high-profile attacks against financial institutions, including the Chicago Mercantile Exchange, where an employee is reported to have stolen company secrets. The Securities and Exchange Commission, in a ruling last month, said financial institutions should look to security as a necessity moving forward.
