US Banks Face New Demands To Protect Themselves From Hackers

Hackers who relentlessly pursue banks may run into tougher defenses as the Federal Reserve and other US regulators force the biggest lenders to plug any vulnerabilities.

Banking agencies released a proposal on the 19th October for rules that would require lenders, and the outside firms that serve them, to better safeguard themselves and their customers. Banks with more than $50 billion in assets and other systemically significant firms would have to establish board-approved protections that make them more aware of what’s happening in their own systems. The proposal also aims to keep successful cyber-attacks from spreading damage through the broader financial sector.

Affected companies “would be required to be capable of operating critical business functions in the face of cyber-attacks and continuously enhance their cyber resilience,” the regulators said. The proposal also demands “secure, immutable, off-line storage of critical records.”

Self-Defense

Digital breaches have cost the financial industry billions and prompted banks to hire armies of cyber defenders in recent years. So, the Fed, the Office of the Comptroller of the Currency and the Federal Deposit Insurance Corp. devised a plan that sets the minimum each lender must do to show it’s protecting itself. For instance, the banks’ most critical systems that the wider financial system depends on would have to be able to recover from attacks within two hours.

In what could be a windfall for outside companies that provide cyber protection, those systems would also have to be shielded by “the most effective, commercially available controls,” though agency officials gave no further details on how that would be defined.

The outside vendors are also getting more scrutiny. Consumer Financial Protection Bureau Director Richard Cordray, a member of the FDIC’s board, flagged the “utter dependence” of banks on their technology and outside service providers. Risks may develop in those firms, he said, meaning bank customers could have less control over emerging problems.

Multiple Attacks

The agencies approved an advance notice of proposed rulemaking, a preliminary step that means a final measure could still be many months in the making. The public will have 90 days to comment on the initial ideas.

The banking industry has been stunned by recent computer muggings, including a February hack of Bangladesh’s central bank in which thieves made off with $81 million and the 2014 incursion of JPMorgan Chase & Co. that compromised information on millions of customers.

In recent years, regulators’ public responses to hacks have mostly consisted of issuing guidance and industry alerts. The escalating attacks have put pressure on them to do more, and a formal rule could give the government more power to crack down on lenders it thinks aren’t doing enough. New rules would update information-security standards that were issued well before modern threats emerged.

In JPMorgan’s 2015 annual report, Chief Operating Officer Matt Zames said thousands of employees were working from three global security-operations centers to protect the bank. He noted that every month they find more than 200 million malicious e-mails -- each the potential foothold for an attack.

Campaign Issue

Cybersecurity breaches, including the routine hacking of e-mails from government, political and corporate officials, have been a factor in this year’s presidential election. Democratic officials have accused Russia of hacking e-mails and then providing WikiLeaks with sensitive documents aimed at undermining Hillary Clinton’s bid for the White House.

Clinton has said cyber warfare is one of the biggest threats the next administration must deal with, especially those attacks supported by countries including Russia. While Republican candidate Donald Trump has cast some doubt on whether foreign nations may be involved in attacks, he said during a debate last month that “we are not doing the job we should be doing” and “we have to get very, very tough on cyber.”

Informatics-Management:      SWIFT Discloses More Bank Thefts:

 

« Valuable Security Assets Are Human, Not Technical
US Intelligence Has The Evidence That Proves Russian Presidential Election Interference »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Protection Group International (PGI)

Protection Group International (PGI)

PGI helps organisations and governments to manage digital risk. From cyber security services to business intelligence, we help reduce the risks to your finances, reputation, assets and people.

NDK InfoSec

NDK InfoSec

NDK InfoSec is a specialist Information Security and Cyber Security search firm. We're not just a security function in a larger generalist recruitment company.

Zacco

Zacco

Zacco offer a 360° perspective on intellectual property: From patent filing and trademark registration to software development, digital brand protection, cyber security and portfolio management.

PurpleSynapz

PurpleSynapz

PurpleSynapz provides hyper-realistic Cyber Security Training with a modern curriculum and Cyber Range.

Skudo

Skudo

Skudo is dedicated to creating innovative best-in-class solutions that protect data exchange with the highest level of security and privacy.

Rocky Mountain Cybersecurity

Rocky Mountain Cybersecurity

Rocky Mountain Cybersecurity's mission is to provide value by dramatically improving the cybersecurity posture of our clients and business partners.

Cyera

Cyera

Cyera is the data security company that gives businesses context and control over their most valuable asset: data.

WinMagic

WinMagic

At WinMagic, we’re dedicated to making authentication and encryption solutions that protect data without causing user friction so that everyone can work freely and securely.

IGI Cybersecurity

IGI Cybersecurity

IGI Cybersecurity delivers people-driven cybersecurity for personalized, resilient cyber defense focused on individualized strategy and unshakeable partnership.

Antivirus Tales

Antivirus Tales

Antivirus Tales offers a platform to resolve all types of antivirus-related issues. The platform also provide various blog articles and informative guides to fix antivirus software errors.

LOCH Technologies

LOCH Technologies

LOCH Wireless Machine Vision platform delivers next generation cybersecurity, performance monitoring, and cost management for all 5G and for broad-spectrum IoT, IoMT and OT wireless environments.

HP Wolf Security

HP Wolf Security

HP Wolf Security protects your organization and devices from cyberattacks no matter where, when or how you work.

Merlin Ventures

Merlin Ventures

Merlin Ventures is a strategic investor focused on driving growth and value for cybersecurity software companies with market-leading potential.

Cyber Guards

Cyber Guards

Cyber Guards provide comprehensive, turn-key cyber security programs for small and mid-size business for about the cost of one full-time cybersecurity hire.

UFS Technology

UFS Technology

UFS, the bank technology outfitter for community banks, provides purpose-built, bank-exclusive technology services and solutions including cybersecurity.

CyberUpgrade

CyberUpgrade

CyberUpgrade is on a mission to empower executives to gain control over their organization’s cybersecurity.