The Federal Deposit Insurance Corporation (FDIC) is the agency currently in charge of insuring deposits in banks and thrift institutions against losses. A recent audit conducted by the Government Accountability Office (GAO) found that the FDIC, which was first established in 1933, has to update its current IT security systems.

A congressional watchdog's evaluation

In the 34-page report, the watchdog GAO said that despite establishing a comprehensive IT framework, the FDIC did not implement its program in full, leaving certain things out of the equation. The corporation did not do enough to authenticate its privileged users to make certain that these people are really who they claim to be.

The GAO detailed several flaws in the way the FDIC runs its systems. For example, the banking regulator does not separate its financial systems from other areas of its network. It also does not ensure that users are held accountable for the use of any key privileged account. Furthermore, the report found that the FDIC did not include all the required information during the process of granting access to the key financial application.

Weaknesses and flaws

The review of the FDIC’s financial IT system was conducted as part of the GAO’s annual audit of the 2016 and 2015 financial statements, but according to FedScoop, the surveys started just a year after an employee left the agency having downloaded the banking information of 44,000 customers to a personal device.

The study found that the federal banking agency had addressed 15 of the 21 weaknesses that were unresolved as of December 31, 2015.

What came out of the report are six additional recommendations, not accessible from the watchdog’s website, for the FDIC to address the most recently identified weaknesses in the areas of access and configuration management controls. The deadline for implementation is this July.

FDIC needs to improve

According to Nextgov, the FDIC was not using strong encryption when users connected to certain sensitive systems, and it was not scanning all of its present systems for harmful cyber vulnerabilities when it should have. In its work, the corporation relies greatly on information systems to enforce banking laws, regulate financial institutions and protect depositors.

The FDIC has also been found to have failed to act on a finding from the Office of the Inspector General, which said that the corporation did not always identify and report major incidents in a timely manner. The sensitive financial information and resources will remain at risk of “misuse, improper modification, unauthorized disclosure, or destruction” until the FDIC addresses these issues, the report said.