Simulated Cyber Attack on Payment Processes Can Help you Prepare

Given the rise of account takeovers, data breaches, denial of service attacks and other cyber-crimes, your company must know how to react if it happens to you. The Financial Services Information Sharing and Analysis Center (FS-ISAC) helps companies prepare with the CAPP (Cyber Attack Against Payment Processes) Exercise. Participation is free.

The exercise is valuable for organizations of any size that send or receive ACH transactions, checks or wires, or conduct online banking. It uses real life factors to create its scenarios. Each day of the exercise you will receive an email with that day's scenario, a link to a broadcast of information about the scenarios and a series of questions for your organization to answer.

Goals of the exercise are to:

  • Evaluate risk mitigation procedures and identify any gaps in planning
  • Test your team's ability to respond to major incidents
  • Educate your staff on procedures to respond to complex threats
  • Benchmark your business practices based on other firms' responses
  • Develop appropriate risk mitigation recommendations
  • Receive a post-exercise report highlighting lessons learned and category benchmark results

Earlier this year, sixty-seven corporations participated in a CAPP exercise. It simulated a bank closing corporate online accessibility due to malware infecting the corporate workstation. The test was for these companies to maintain business continuity given that the connection could be down for days or even weeks. Findings and lessons learned from the exercise will be presented at the upcoming AFP Annual Conference in October. The next CAPP Exercise, this one designed specifically for financial institutions, will occur October 16 and October 23, 2013.