Traceable, an API security and observability company, has announced that it is providing API security measures to enable FDIC-insured financial institutions to meet the latest Federal Financial Institutions Examination Council (FFIEC) cybersecurity compliance mandates. This update, which was announced on October 3, 2022, calls out APIs as a separate attack surface in regulatory guidelines, highlighting the increased threats that APIs pose to financial institutions.
These new guidelines from FFIEC prompt financial institutions to inventory APIs as part of their overall inventory of information systems and risk assessments. Banks use APIs with their digital banking services and information system access points, making the sharing of data easier and the customer banking experience better. However, as a top attack vector, APIs can be compromised in seconds if not carefully identified and secured, putting businesses and their customers' sensitive data at significant risk.
Traceable is working closely with top financial institutions to enable them to take the first step in securing their APIs, as required by FFIEC. Traceable discovers and identifies all APIs, including internal, external, third-party, and partner APIs, with its data-rich catalog, providing comprehensive and real-time visibility into clients' entire API ecosystem and API sprawl. According to Richard Bird, Chief Security Officer at Traceable, "This year will be a reckoning for financial institutions."
He also highlights that with an average of three banking-related APIs connected to customers, it is important for financial institutions to understand their APIs and act immediately to protect their data and their customers.