The Financial Services Information Sharing and Analysis Center (FS-ISAC) and the Association for Financial Professionals (AFP) are seeking participants in the 2013 Cyber Attack against Payment Processes (CAPP) Exercise. On March 12-13 and 19-20, FS-ISAC and AFP will conduct a series of simulated attacks on companies’ payment processes, allowing them to gauge their cybersecurity preparedness.
Given the rise of account takeovers, data breaches, denial of service attacks and other cybercrime efforts, organizations must have adequate security procedures in place. By participating in the CAPP exercise, your organization will be able to:
- Evaluate risk mitigation procedures and identify any gaps in planning
- Test your team’s ability to respond to major incidents
- Educate your staff on procedures to respond to complex threats
- Benchmark your business practices based on other firms’ responses
- Develop appropriate risk mitigation recommendations
- Receive a post-exercise report highlighting lessons learned and category benchmark results.
Fred Butterfield, CTP, treasury manager at Trust Company of America, noted that cybersecurity is not, and never has been, a “set it and forget it” situation. “Just as applications and systems are always evolving and changing, so too are the ways that bad guys can do bad things from somewhere else in the world,” he told AFP. “This exercise is valuable, for any size corporate or government entity, because it uses real life factors to create its scenarios. As a corporate, I get to experience a realistic, serious cyber event without actually having the world come crashing in. I think of it as specialized disaster recovery planning, business continuity planning, and other, similar exercises. It is well worth the time and effort and very useful in spotlighting potential deficiencies or troublesome areas.”
Charles Bretz of Bretz LLC and director of payment risk for FS-ISAC told AFP that FS-ISAC member financial institutions are reporting an increase in attempts by cyber criminals to take over their customers’ online cash management systems. “The good news is that the financial institutions and their customers are defeating a significant portion of these attacks; reported losses are declining,” he said. “Some of this success can be attributed to the training and knowledge of corporate treasury management and IT professionals. The 2013 CAPP for corporations is an opportunity for corporate treasury management and IT staffs to practice incident response of cyber attacks in a safe anonymous environment.”
The exercise applies to any organizations that send or receive ACH transactions, checks or wires, or conduct online banking. Treasury professionals, accounts payable staff, fraud and risk managers, IT security staff, legal and compliance officers, call center managers and corporate communications staff are encouraged to participate.
Interested parties must register by March 6 for the March 12-13 exercise, or by March 12 for the March 19-20 exercise. Participation is free and no special software is required.