Cyber security threat levels

What do the different threat levels indicate?

Guarded status indicates a general threat of increased cyber activity (hacker intrusions, viruses, etc.) with no specific threat directed towards the financial services industry. The potential exists for malicious cyber activities, but no known exploits have been identified, or known exploits have been identified but no significant impact has occurred.

Examples:

  • A critical vulnerability is discovered but no exploits are reported.
  • A critical vulnerability is being exploited but there has been no significant impact.
  • New malware is discovered with the potential to spread quickly.

Elevated status indicates a significant risk due to increased hacking, virus, or other malicious activity that compromises systems or diminishes services applicable to the financial services industry. There are known vulnerabilities that are being exploited with a moderate level of damage or disruption, or the potential for significant damage or disruption is high.

Examples:

  • An exploit for a critical vulnerability exists that has the potential for significant damage.
  • A critical vulnerability is being exploited and there has been a moderate impact.
  • Malware is spreading quickly in the wild.

High status indicates a high risk of increased hacking, virus, or other malicious cyber activity affecting the financial services industry that targets or compromises important IT assets, causing business outages or multiple system compromises. Vulnerabilities are being exploited with a high level of damage or disruption to the business, or the potential for severe damage or disruption is high.

Examples:

  • An exploit for a critical vulnerability exists that has the potential for severe damage.
  • A critical vulnerability is being exploited and there has been significant impact.
  • There are reports of multiple campaigns targeting the financial services industry.

Severe status indicates a severe risk of hacking, virus, or other malicious activity, applicable to the financial services industry, resulting in widespread outages and/or significantly destructive compromises to systems without known remedy. At this level, vulnerabilities are being exploited with a severe or widespread level of damage or disruption.

Examples:

  • Complete network failures
  • Mission-critical application failures
  • Highly targeted attacks against the financial services industry exploiting critical vulnerabilities