NY Bank Regulator: Third Party Vendors Are a Backdoor to Hackers

Uploaded on 2015-04-29 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Financial

dfs_seal2.gif

Benjamin M. Lawsky, Superintendent of the New York State Department of Financial Services (NYDFS), released a report warning banks that insufficient security at third-party vendors could provide a backdoor for hackers to gain access to critical systems and pilfer sensitive financial information.
“A bank’s cyber security is often only as good as the cyber security of its vendors. Unfortunately, those third-party firms can provide a backdoor entrance to hackers who are seeking to steal sensitive bank customer data,” Lawsky said.
Financial institutions rely on third-party vendors for a broad-range of services, ranging from law firms to companies contracted to maintain HVAC systems, and those vendors often have access to a bank’s information technology networks, providing a potential point of entry for hackers as was seen in the Target breach.
NYDFS conducted a survey of 40 banks, including many of the largest institutions it regulates, examining the security standards those firms have in place in regards to their third-party vendors.
“Among other findings, the NYDFS report uncovered that nearly 1 in 3 banks surveyed do not require their third-party vendors to notify them of cyber security breaches,” NYDFS said in a statement.
 “I am deeply worried that we are soon going to see a major cyber attack aimed at the financial system that is going to make all of us to shudder. Cyber hacking could represent a systemic risk to our financial markets by creating a run or panic that spills over into the broader economy, “Lawsky.
“We are concerned that within the next decade, or perhaps sooner, we will experience an Armageddon-type cyber event that causes a significant disruption in the financial system for a period of time.”
Norse:  http://bit.ly/1aTbQWM

« How Can You Survive Cyber Warfare?
United Airlines Bans Researcher After 'joke tweet' »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

RU-CERT

RU-CERT

RU-CERT is the CSIRT / CERT team of the Russian Federation.

AEI Cybersecurity

AEI Cybersecurity

AEI brings together companies, Research Centres, Universities, and other organizations interested in promoting new cybersecurity technologies.

AMETIC

AMETIC

AMETIC, is the Association of Electronics, Information and Communications Technologies, Telecommunications and Digital Content Companies in Spain.

European Organisation for Security (EOS)

European Organisation for Security (EOS)

EOS represents all domains of security solutions and services.providers including ICT information and communications technologies.

VisionWare

VisionWare

VisionWare provide consulting services and solutions in areas covering both physical and digital security.

TechCERT

TechCERT

TechCERT is Sri Lanka’s first and largest Computer Emergency Readiness Team (CERT).

Dell Technologies

Dell Technologies

Dell Technologies Consulting Services enables a highly resilient business amidst the proliferation of cloud-based IT services and constant threats to your most critical information.

Bessemer Venture Partners (BVP)

Bessemer Venture Partners (BVP)

Bessemer Venture Partners was born from innovations that literally forged modern building and manufacturing. Today, our team of investors works with people who want to create revolutions of their own.

Insight Partners

Insight Partners

Insight Partners is a leading global private equity and venture capital firm investing in growth-stage technology, software and Internet businesses.

Cyber Defense Networking Solutions (CDNS)

Cyber Defense Networking Solutions (CDNS)

CDNS is a global network infrastructure provider whose platforms are engineered for security, optimized for speed and designed for resiliency.

ramsac

ramsac

ramsac provide secure, resilient IT management, cybersecurity, 24 hour support and IT strategy to businesses in London and the South East.

Cider Security

Cider Security

Cider Security - It’s time to revolutionize the way Security, Dev and DevOps teams work together to supercharge security at the speed of engineering.

Arcserve

Arcserve

Defend your data with Arcserve all-in-one data protection and management solutions designed to be the right fit for your business, regardless of size or complexity.

ExtraHop

ExtraHop

ExtraHop's dynamic cyber defense platform uses cloud-scale AI to help enterprises detect and respond to advanced threats - before they compromise your business.

Staley Technologies

Staley Technologies

Staley Technologies is a US nationwide structured cabling, technology integrator, and Managed IT & Cyber Security provider.

HanaByte

HanaByte

HanaByte is a security consultancy focused on delivering state of the art solutions in the cloud. We specialize in delivering cloud services with an emphasis on security.