Banking Insurance Agency is Weak on Cybersecurity

Maksim Kabakou/

The Federal Deposit Insurance Corporation isn’t sufficiently vetting its systems for vulnerabilities.

The government agency that insures banks against devastating losses isn’t doing enough to secure its sensitive financial information from cyber intruders, a government watchdog said Wednesday.

The Federal Deposit Insurance Corporation has made strides to protect its information, according to the Government Accountability Office report, but those protections remain “significant[ly] deficient.”

In particular, FDIC isn’t doing enough to authenticate that privileged users on its systems are who they say they are and hasn’t sufficiently isolated sensitive financial systems from the rest of its network, GAO found.

» Get the best federal technology news and ideas delivered right to your inbox. Sign up here.

The organization also hasn’t ensured all privileged users are responsibly managing those privileges or created a full accounting of all the organization’s information technology assets, the GAO said.

FDIC is also not using strong encryption when users connect to certain sensitive systems, the report said, and is not scanning all of its systems for dangerous cyber vulnerabilities.

GAO made six recommendations to improve FDIC systems, but they’re listed in a separate classified report. FDIC concurred with those recommendations, GAO said.