FFIEC CAT: What It Is, Why It Matters & 3 Reasons To Steer Clear of Free Tools

TYLER HARDISON

CHIEF TECHNOLOGY OFFICER

LinkedIn: /hardisont

Oct 24, 2019

#Cybersecurity

As cyber attacks targeting organizations continue to rise, financial institutions want to ensure that they are prepared with a level of security that is impenetrable. This is understandable: not only is the number of attacks increasing, but the cost of losses keeps climbing.

One of the standard ways FIs can look into this is the manual process of learning about, and then working through, the questions in a 57-page PDF file called the Cybersecurity Assessment Tool (CAT), supplied by the Federal Financial Institutions Examination Council (FFIEC).

Information security companies such as Redhawk Network Security have become experts in this assessment, as there is tremendous value in institutions going through the process.

The problem?

This process is convoluted. It relies on institutions having the time to go through the manual process. And there is no follow-up schedule of any kind; the exercise is written with a “one and done” mentality when it should be a continuous process.

This resource explains what the FFIEC CAT is, why it matters, why the “free” tools on offer don’t cut it, and offers three predictions about the future of the CAT.

What is the FFIEC Cybersecurity Assessment Tool?

The Federal Financial Institutions Examination Council (FFIEC) Cybersecurity Assessment Tool (CAT) is a government-created resource. This “tool” was developed by the FFIEC to help organizations identify cybersecurity risk and weaknesses. It’s an authoritative tool that works well for organizations with IT departments that have a lot of time to go through a self-guided process.

The FFIEC CAT also comes in an Excel spreadsheet form. Some organizations have made specific changes to make their versions user friendly. If you want to go with the official, newly updated resource, in 2019 that resource is the downloadable PDF.

Why the FFIEC CAT Matters

Financial institutions need to check in and take an honest assessment of how sophisticated their cybersecurity measures are. This isn’t a one-time deal either: the persistent nature of cyber attacks makes cybersecurity something that needs to evolve along with different attack methods.

The FFIEC CAT is a yardstick for measuring how prepared your organization is and for seeing some of the risks it may be exposed to.

What About Those Free FFIEC CAT Solutions?

The FFIEC CAT tool is free… so why not look at some free FFIEC CAT tools that organizations offer?

There are three problems with using a free service:

  1. You get what you pay for. You’ll likely need to invest as much time as going through the exercise yourself to interpret the results and figure out the action items.
  2. Your customer profile is completely visible. You’ll be providing enough information for companies offering free FFIEC CAT software to know how to upsell you into other services. The old adage applies: There is no such thing as a free lunch.
  3. Your data is one and done. You get one snapshot in time of your cybersecurity maturity. Want to see how you compare 3, 6 or 12 months later? You’re going to have to pay.

What You Should Use For Your 2019 FFIEC CAT Tool Assessment

The Redhawk Cybersecurity Assessment Tool gives organizations options on how much professional expertise they would like to complete the assessment.

Our Core service includes FFIEC CAT software that guides users through the questions and gives clear, action-oriented answers that the PDF / spreadsheet combo simply does not provide.

With Assist you get a dedicated Redhawk Network Security advisor at your side, helping you answer questions and talking through the answers. Have a question about anything presented? We will easily translate how it applies to your organization.

Lastly, Head-Start is our white-glove approach: our senior security experts take the assessment for your organization and provide a roadmap for full cybersecurity coverage. It also provides coaching beyond that first-year assessment on how to tackle assessments in 2020 and beyond.

Not sure what you need? Sign up for an FFIEC CAT consultation and we can see which of those options best fits your needs.

The Future of the FFIEC Cybersecurity Assessment Tool: 2020 and Beyond

Rest assured, the FFIEC CAT is here to stay. We’ve seen updates to this tool for several years now and will likely see more. As mentioned previously, the number of cyberattacks is increasing and the methods behind these attacks are becoming more sophisticated. The Federal Financial Institutions Examination Council (FFIEC) will continue to iterate on this PDF, but will keep doing so in a blanket way, with a mold that any organization can only loosely fit.

Redhawk Network Security is dedicated to allowing organizations of all sizes to get the most out of this tool with whatever hands-on (or hands-off!) approach they prefer.

Not sure where to even start? Schedule a free consultation and we’ll get you on the right path to cybersecurity preparedness.


