GAO Calls Out FDIC For Lax Infosecurity Measures

Reporter Chris Brook
Modified 2013-04-17T16:33:58


The Federal Deposit Insurance Corporation (FDIC) has drawn the ire of the Government Accountability Office (GAO) following an audit of the FDIC’s system this month.

A GAO report called the government corporation out for neglecting to use strong passwords, review user access and encrypt sensitive financial information. The report raises serious questions about the security of a key government regulatory body amidst reports of sophisticated attacks aimed at financial institutions.

GAO noted weaknesses in FDIC controls that attempt to segregate incompatible duties, manage system configurations, and implement patches, according to the report (PDF).

GAO recommended the FDIC work with the agency’s web service provider to enhance its information security measures, while the FDIC claims it has already taken strides to improve the security of its infrastructure.

The FDIC helps enforce banking laws and assess the stability of financial institutions.

Recent months have brought reports of high-profile attacks against financial institutions, including the Chicago Mercantile Exchange, where an employee is reported to have stolen company secrets. The Securities and Exchange Commission, in a ruling last month, said financial institutions should look to security as a necessity moving forward.