Cyber Attacks On Banks Prompt New Regulatory Safeguards

 Janet Yellen, Chair of the Board of Governors of the US Federal Reserve System.

US regulators plan to require banks to adopt baseline safeguards to shield themselves from cyber-threats after a series of assaults cost the industry billions of dollars and shook consumer confidence, said people with knowledge of the matter.

The Federal Reserve is leading other agencies in crafting the protections, which would be minimum standards, said the people who asked not to be named because work on the measures isn’t public. The effort stems partly from a concern that as digital breaches become more frequent and aggressive, an attack could cripple the entire financial system.

The Fed is working with the Office of the Comptroller of the Currency and the Federal Deposit Insurance Corp., said the people. Further details on the agencies’ plans couldn’t be determined, so it’s not clear whether costly efforts that lenders have already undertaken would put them in compliance with what regulators propose.

The industry has been stunned by recent computer muggings, including a February hack of Bangladesh’s central bank in which thieves made off with $81 million and the 2014 incursion of JPMorgan Chase & Co. that led to information on millions of customers being compromised. The attacks have spurred financial firms to try to fend off attacks by hiring thousands of employees to monitor threats and upgrading their technology.

The agencies’ first step would be to solicit public input on ideas for boosting banks’ defenses, which regulators would study before following up with a more formal proposal. The multistage rule process could stretch into next year.

In recent years, banking regulators’ public responses to hacks have mostly consisted of issuing guidance and industry alerts. But the escalating attacks have put pressure on them to do more, and a formal rule could give the government a greater ability to crack down on lenders it thinks aren’t doing enough to protect themselves. While the agencies years ago established information-security standards for banks, those measures were issued well before the modern threats emerged.

In JPMorgan’s 2015 annual report, Chief Operating Officer Matt Zames described the bank’s thousands of employees working from three global security-operations centers to protect the firm. He noted that every month they find more than 200 million malicious e-mails -- each the potential foothold for an attack on the bank.

‘Unconstrained Budget’

Bank of America Corp. finds it “very tough to keep ahead of those who would do us harm” even with the lender committing an “unconstrained budget” to securing information, Cathy Bessant, who runs operations and technology at the bank, said in an April interview with Bloomberg Television.

The danger of “potentially catastrophic” malware assaults was flagged recently by the panel of US regulators formed to deal with emerging risks to the financial system, the Financial Stability Oversight Council. 

Recently, the group called on financial regulators to set up a “common risk-based approach” for figuring out whether firms can block digital invaders, and that agencies remove hurdles that deter companies from talking to each other, the government and the public about how hackers are coming after them.

Last year, Congress passed legislation that lets companies share real-time data on hacking threats without opening themselves up to customer lawsuits.

The Fed itself got roped into this year’s audacious theft of millions of dollars from Bangladesh Bank, as the thieves reportedly transferred funds from that central bank’s account at the New York Federal Reserve after breaching the widely used messaging system run by the Society for Worldwide Interbank Financial Telecommunication, better known as Swift.

Top Issue

Swift connects members who are crucial to the global financial system, including central and commercial banks, money managers and Wall Street securities firms. The Bangladesh attack and other similar ones that have occurred recently relied on false messages routing money to the thieves’ accounts in what Swift has called a “wider and highly adaptive campaign targeting banks.”

While banking regulators are preparing new standards to address threats, the Commodity Futures Trading Commission has already proposed a cybersecurity measure requiring mandatory testing of safeguards at derivatives firms. CFTC Chairman Timothy Massad has said the agency’s work should be finished this year, adding that the risk posed by hackers is “the most important single issue we face in terms of financial market stability and integrity.”

Information- Management

 

« Cyber Threats & Nuclear Weapons
Quantum Computing: The US Airforce Needs Help »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Leonardo

Leonardo

Leonardo (formerly Finmeccanica) is a global high-tech company in Aerospace, Defence, Security & Information Systems including Cybersecurity & ICT solutions.

C2B2 Consulting

C2B2 Consulting

C2B2 are experts in middleware support and consultancy. We specialise in ensuring scalability, performance and security of large scale systems.

Atomicorp

Atomicorp

Atomicorp, the leader in Secure Linux, is a developer of solutions for the protection and support of cloud, virtual, shared, and dedicated web hosting environments.

WizNucleus

WizNucleus

WizNucleus develops, markets and supports a software platform (Cyberwiz-Pro) that enables Critical Infrastructure enterprises to ensure the future state of their cybersecurity and remain compliant.

VietSunshine

VietSunshine

VietSunshine is a leading provider of network security infrastructure and solutions in Vietnam.

IoTsploit

IoTsploit

IoTsploit provides 20/20 visibility of network connections, protecting critical infrastructure assets from IoT vulnerabilities.

oneM2M

oneM2M

oneM2M is a global organization creating a scalable and interoperable standard for communications of devices and services used in M2M applications and the Internet of Things.

Swisscom Blockchain

Swisscom Blockchain

Swisscom Blockchain is focused on supporting the implementation and adaption of Blockchain-based platforms in enterprises across diverse industries.

DMARC360

DMARC360

DMARC360 analyzes your email traffic patterns and sources, rapidly deploys email authentication protocols and monitors your email domains with automated recommendations and incident response.

CrowdSec

CrowdSec

CrowdSec is an open-source & participative IPS able to analyze visitor behavior by parsing logs & provide an adapted response to all kinds of attacks.

BaXian Group

BaXian Group

BaXian AG is an international consulting company specializing in IT security, data analytics, risk management and compliance.

Eleos Labs

Eleos Labs

Eleos Labs' suite of security tools prevent Web3 cyber attacks, reduce economic risks, and protect digital assets.

PyNet Labs

PyNet Labs

PyNet Labs is a Training Company serving corporates as well as individuals across the world with ever-changing IT and technology training.

Blink Ops

Blink Ops

Blink helps security teams streamline everyday workflows and protect your organization better.

Silobreaker

Silobreaker

Silobreaker is a SaaS platform that enables threat intelligence teams to produce high-quality and relevant intelligence at a faster pace.

One Step Secure IT

One Step Secure IT

One Step provide Managed IT Services, Cybersecurity Protections, and Compliance to businesses in the USA nationwide.