US Banks Face New Demands To Protect Themselves From Hackers

Uploaded on 2016-10-26 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Financial

Hackers who relentlessly pursue banks may run into tougher defenses as the Federal Reserve and other US regulators force the biggest lenders to plug any vulnerabilities.

Banking agencies released a proposal on the 19th October for rules that would require lenders, and the outside firms that serve them, to better safeguard themselves and their customers. Banks with more than $50 billion in assets and other systemically significant firms would have to establish board-approved protections that make them more aware of what’s happening in their own systems. The proposal also aims to keep successful cyber-attacks from spreading damage through the broader financial sector.

Affected companies “would be required to be capable of operating critical business functions in the face of cyber-attacks and continuously enhance their cyber resilience,” the regulators said. The proposal also demands “secure, immutable, off-line storage of critical records.”

Self-Defense

Digital breaches have cost the financial industry billions and prompted banks to hire armies of cyber defenders in recent years. So, the Fed, the Office of the Comptroller of the Currency and the Federal Deposit Insurance Corp. devised a plan that sets the minimum each lender must do to show it’s protecting itself. For instance, the banks’ most critical systems that the wider financial system depends on would have to be able to recover from attacks within two hours.

In what could be a windfall for outside companies that provide cyber protection, those systems would also have to be shielded by “the most effective, commercially available controls,” though agency officials gave no further details on how that would be defined.

The outside vendors are also getting more scrutiny. Consumer Financial Protection Bureau Director Richard Cordray, a member of the FDIC’s board, flagged the “utter dependence” of banks on their technology and outside service providers. Risks may develop in those firms, he said, meaning bank customers could have less control over emerging problems.

Multiple Attacks

The agencies approved an advance notice of proposed rulemaking, a preliminary step that means a final measure could still be many months in the making. The public will have 90 days to comment on the initial ideas.

The banking industry has been stunned by recent computer muggings, including a February hack of Bangladesh’s central bank in which thieves made off with $81 million and the 2014 incursion of JPMorgan Chase & Co. that compromised information on millions of customers.

In recent years, regulators’ public responses to hacks have mostly consisted of issuing guidance and industry alerts. The escalating attacks have put pressure on them to do more, and a formal rule could give the government more power to crack down on lenders it thinks aren’t doing enough. New rules would update information-security standards that were issued well before modern threats emerged.

In JPMorgan’s 2015 annual report, Chief Operating Officer Matt Zames said thousands of employees were working from three global security-operations centers to protect the bank. He noted that every month they find more than 200 million malicious e-mails -- each the potential foothold for an attack.

Campaign Issue

Cybersecurity breaches, including the routine hacking of e-mails from government, political and corporate officials, have been a factor in this year’s presidential election. Democratic officials have accused Russia of hacking e-mails and then providing WikiLeaks with sensitive documents aimed at undermining Hillary Clinton’s bid for the White House.

Clinton has said cyber warfare is one of the biggest threats the next administration must deal with, especially those attacks supported by countries including Russia. While Republican candidate Donald Trump has cast some doubt on whether foreign nations may be involved in attacks, he said during a debate last month that “we are not doing the job we should be doing” and “we have to get very, very tough on cyber.”

Informatics-Management:      SWIFT Discloses More Bank Thefts:

 

« Valuable Security Assets Are Human, Not Technical
US Intelligence Has The Evidence That Proves Russian Presidential Election Interference »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

JumpCloud

JumpCloud

JumpCloud's Directory-as-a-Service (DaaS) is the single point of authority to authenticate, authorize, and manage the identities of a business’s employees and the systems and IT resources they need.

LRQA Nettitude

LRQA Nettitude

LRQA Nettitude is an award-winning global provider of cybersecurity services, bringing innovative thought leadership to the ever-evolving cybersecurity marketplace.

Cyber Security Research Centre - University of Cardiff

Cyber Security Research Centre - University of Cardiff

Cardiff University's Centre for Cyber Security Research is a leading UK academic research unit for cyber security analytics.

Ahope

Ahope

Ahope is a mobile security solution provider in Korea with a long history of security solution development.

ClearDATA

ClearDATA

The ClearDATA Managed Cloud protects sensitive healthcare data using purpose-built DevOps automation, compliance and security safeguards, and healthcare expertise.

Digi International

Digi International

Digi is a leading global provider of mission-critical and business-critical machine-to-machine (M2M) and Internet of Things (IoT) connectivity products and services.

Vilnius Tech Park

Vilnius Tech Park

The region‘s most complex and integrated ICT hub, Vilnius Tech Park aims to attract and unite innovative talent from big data, cyber security, smart solutions, fintech and digital design.

Blackpoint Cyber

Blackpoint Cyber

Blackpoint’s mission is to provide effective, affordable real-time threat detection and response to organizations of all sizes around the world.

HardSecure

HardSecure

Hardsecure supports organizations to face security threats through the adoption of cybersecurity capabilities that guarantee 360º monitoring, visibility, mitigation, and blocking.

Tangible Security

Tangible Security

Tangible employs the most sophisticated cyber security tools and techniques available to protect our clients’ sensitive data, infrastructure and competitive advantage.

Cognyte

Cognyte

Cognyte are a market leader in security analytics software that empowers governments and enterprises with Actionable Intelligence for a safer world.

Charles IT

Charles IT

Charles IT is your friendly, no-nonsense IT team focused on helping companies make their technology work for them. We focus on building relationships that deliver results.

Battery Ventures

Battery Ventures

Battery partners with talented founders and teams building category-defining businesses at all stages of growth.

Hush

Hush

Hush is a premium privacy service that gives people unprecedented visibility and control of their digital footprint. Hush assesses threats, and goes to work to eliminate digital risks on your behalf.

Cyrex

Cyrex

Cyrex is a Web3 security and development company. Our mastery over decentralized applications, smart contracts and blockchain will keep you secure across Web3.

Finlaw Associates

Finlaw Associates

Finlaw Associates is a trusted cybercrime law firm providing a wide range of taxation, legal, advisory and regulatory services to the financial, commercial and industrial communities.