NY Bank Regulator: Third Party Vendors Are a Backdoor to Hackers

dfs_seal2.gif

Benjamin M. Lawsky, Superintendent of the New York State Department of Financial Services (NYDFS), released a report warning banks that insufficient security at third-party vendors could provide a backdoor for hackers to gain access to critical systems and pilfer sensitive financial information.
“A bank’s cyber security is often only as good as the cyber security of its vendors. Unfortunately, those third-party firms can provide a backdoor entrance to hackers who are seeking to steal sensitive bank customer data,” Lawsky said.
Financial institutions rely on third-party vendors for a broad-range of services, ranging from law firms to companies contracted to maintain HVAC systems, and those vendors often have access to a bank’s information technology networks, providing a potential point of entry for hackers as was seen in the Target breach.
NYDFS conducted a survey of 40 banks, including many of the largest institutions it regulates, examining the security standards those firms have in place in regards to their third-party vendors.
“Among other findings, the NYDFS report uncovered that nearly 1 in 3 banks surveyed do not require their third-party vendors to notify them of cyber security breaches,” NYDFS said in a statement.
 “I am deeply worried that we are soon going to see a major cyber attack aimed at the financial system that is going to make all of us to shudder. Cyber hacking could represent a systemic risk to our financial markets by creating a run or panic that spills over into the broader economy, “Lawsky.
“We are concerned that within the next decade, or perhaps sooner, we will experience an Armageddon-type cyber event that causes a significant disruption in the financial system for a period of time.”
Norse:  http://bit.ly/1aTbQWM

« How Can You Survive Cyber Warfare?
United Airlines Bans Researcher After 'joke tweet' »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Dome9

Dome9

Dome9 is a cloud firewall management service that stops vulnerabilities, secures remote access, and centralizes policy management.

Cryptus Cyber Security

Cryptus Cyber Security

Cryptus Cyber Security is an Information Security Training company providing advanced training and services to IT Professionals.

Haystax Technology

Haystax Technology

Haystax’s security analytics platform applies artificial intelligence techniques to identify and prioritize threats in real time.

ElcomSoft

ElcomSoft

ElcomSoft is a global leader in computer and mobile forensics, IT security and forensic data recovery.

Netsafe

Netsafe

Netsafe is an independent, non-profit New Zealand organisation focused on online safety. We help people stay safe online by providing online safety education, advice and support.

Shieldfy

Shieldfy

Shieldfy is a cloud-based security shield for your website to protect it from cyber attacks and malwares.

CYE

CYE

Utilizing data, numbers, and facts, CYE helps security leaders know what business assets are at risk and execute cost-effective remediation projects for optimal risk prevention.

CyberDegrees.org

CyberDegrees.org

CyberDegrees.org aims to provide top-notch information for students seeking Cyber Security education and career guidance.

Snode Technologies

Snode Technologies

Snode's Guardian cybersecurity platform uses AI and machine learning to monitor, detect and proactively respond to all threats on every device within your network.

UMBRA

UMBRA

UMBRA is solely concerned with protecting governments against Nation State attacks. We are not a consumer or enterprise company.

Evolution Equity Partners

Evolution Equity Partners

Evolution Equity Partners is an international venture capital investor partnering with exceptional entrepreneurs to develop market leading cyber-security and enterprise software companies.

Viakoo

Viakoo

Viakoo is an Enterprise IoT Applications Management company providing performance, security, and compliance. Viakoo enables you to be proactive in maintaining cyber hygiene and protecting your network

Truesec

Truesec

TRUESEC has an exceptional mix of IT specialists. We are true experts in cyber security, advanced IT infrastructure and secure development.

Strike Security

Strike Security

Strike Security offers a continuous penetration testing platform that combines automation with ethical hackers.

Aspire Technology Solutions

Aspire Technology Solutions

Aspire is an award-winning IT Managed Service and Cyber Security Provider. We specialise in cyber security, cloud, connectivity, managed services, unified communications and IT support.

Permiso Security

Permiso Security

Permiso combines industry leading Identity Security Posture Management with Identity Threat Detection and Response, leaving no place to hide for identity threats lurking in your environment.