The Financial Services Information Sharing and Analysis Center (FS-ISAC) reported Tuesday that 446 financial institutions completed the 2012 Cyber Attack against Payment Processes (CAPP) exercise held in November 2012.
Over a three-day period, FS-ISAC presented participants with a series of complex simulated attacks, such as account takeovers, distributed denial of service (DDoS) attacks, altered ACH files, fraudulent wire transfer requests and the loss/theft of customer information. The exercise was open to all financial institutions.
“The simulations we staged for CAPP participants are based on recent real world attacks experienced by our members,” said Bill Nelson, president and CEO of FS-ISAC. “This is the third year that the CAPP exercise was held and it is an intense three day exercise that promotes collaboration and intelligence sharing among financial institutions, and ultimately contributes to a stronger financial infrastructure.”
The exercise allowed participating FIs to understand the strengths and weaknesses of their existing security procedures and develop best practices. The 2012 exercise revealed that most FIs:
- React and adapt quickly to threats
- Use layered security and
- Have developed specific plans to counter DDoS attacks.
This was the third annual CAPP exercise for FIs. The next one will be held in fall 2013.
The news comes as FS-ISAC and AFP prepare for the 2013 CAPP exercise in March, which will test corporates’ payments processes and help them to gauge their cybersecurity preparedness. Treasury professionals, accounts payable staff members, fraud and risk managers, IT security staff members, legal and compliance officers, call center managers and corporate communications staff members are encouraged to participate. Register here.