Cyber Attacks On Banks Prompt New Regulatory Safeguards

Uploaded on 2016-08-02 in NEWS-News Analysis, FREE TO VIEW, BUSINESS-Services-Financial

 Janet Yellen, Chair of the Board of Governors of the US Federal Reserve System.

US regulators plan to require banks to adopt baseline safeguards to shield themselves from cyber-threats after a series of assaults cost the industry billions of dollars and shook consumer confidence, said people with knowledge of the matter.

The Federal Reserve is leading other agencies in crafting the protections, which would be minimum standards, said the people who asked not to be named because work on the measures isn’t public. The effort stems partly from a concern that as digital breaches become more frequent and aggressive, an attack could cripple the entire financial system.

The Fed is working with the Office of the Comptroller of the Currency and the Federal Deposit Insurance Corp., said the people. Further details on the agencies’ plans couldn’t be determined, so it’s not clear whether costly efforts that lenders have already undertaken would put them in compliance with what regulators propose.

The industry has been stunned by recent computer muggings, including a February hack of Bangladesh’s central bank in which thieves made off with $81 million and the 2014 incursion of JPMorgan Chase & Co. that led to information on millions of customers being compromised. The attacks have spurred financial firms to try to fend off attacks by hiring thousands of employees to monitor threats and upgrading their technology.

The agencies’ first step would be to solicit public input on ideas for boosting banks’ defenses, which regulators would study before following up with a more formal proposal. The multistage rule process could stretch into next year.

In recent years, banking regulators’ public responses to hacks have mostly consisted of issuing guidance and industry alerts. But the escalating attacks have put pressure on them to do more, and a formal rule could give the government a greater ability to crack down on lenders it thinks aren’t doing enough to protect themselves. While the agencies years ago established information-security standards for banks, those measures were issued well before the modern threats emerged.

In JPMorgan’s 2015 annual report, Chief Operating Officer Matt Zames described the bank’s thousands of employees working from three global security-operations centers to protect the firm. He noted that every month they find more than 200 million malicious e-mails -- each the potential foothold for an attack on the bank.

‘Unconstrained Budget’

Bank of America Corp. finds it “very tough to keep ahead of those who would do us harm” even with the lender committing an “unconstrained budget” to securing information, Cathy Bessant, who runs operations and technology at the bank, said in an April interview with Bloomberg Television.

The danger of “potentially catastrophic” malware assaults was flagged recently by the panel of US regulators formed to deal with emerging risks to the financial system, the Financial Stability Oversight Council. 

Recently, the group called on financial regulators to set up a “common risk-based approach” for figuring out whether firms can block digital invaders, and that agencies remove hurdles that deter companies from talking to each other, the government and the public about how hackers are coming after them.

Last year, Congress passed legislation that lets companies share real-time data on hacking threats without opening themselves up to customer lawsuits.

The Fed itself got roped into this year’s audacious theft of millions of dollars from Bangladesh Bank, as the thieves reportedly transferred funds from that central bank’s account at the New York Federal Reserve after breaching the widely used messaging system run by the Society for Worldwide Interbank Financial Telecommunication, better known as Swift.

Top Issue

Swift connects members who are crucial to the global financial system, including central and commercial banks, money managers and Wall Street securities firms. The Bangladesh attack and other similar ones that have occurred recently relied on false messages routing money to the thieves’ accounts in what Swift has called a “wider and highly adaptive campaign targeting banks.”

While banking regulators are preparing new standards to address threats, the Commodity Futures Trading Commission has already proposed a cybersecurity measure requiring mandatory testing of safeguards at derivatives firms. CFTC Chairman Timothy Massad has said the agency’s work should be finished this year, adding that the risk posed by hackers is “the most important single issue we face in terms of financial market stability and integrity.”

Information- Management

 

« Cyber Threats & Nuclear Weapons
Quantum Computing: The US Airforce Needs Help »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

See how to use next-generation firewalls (NGFWs) and how they boost your security posture.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Lawley Insurance

Lawley Insurance

Lawley is a full-service, independent insurance agency. Specialty insurance products include Cyber Security.

Vector InfoTech

Vector InfoTech

Vector InfoTech is a leader in Industrial Security, Networks, IT and Telecommunications.

Visual Guard

Visual Guard

Visual Guard is a modular solution covering most application security requirements, from application-level security systems to Corporate Identity and Access Management Solutions.

ShadowDragon

ShadowDragon

ShadowDragon develops digital tools that simplify the complexities of modern investigations that involve multiple online environments and technologies.

Padlock

Padlock

Padlock is a trusted platform with an intimate knowledge of the cybersecurity industry that connects businesses with freelance professionals

Slovak National Accreditation Service (SNAS)

Slovak National Accreditation Service (SNAS)

SNAS is the national accreditation body for Slovakia. The directory of members provides details of organisations offering certification services for ISO 27001.

Carbonite

Carbonite

Carbonite offers all the tools necessary for protecting data from the most common forms of data loss, including ransomware, accidental deletions, hardware failures and natural disasters.

Council of Europe Convention on Cybercrime

Council of Europe Convention on Cybercrime

The Council of Europe helps to protect societies worldwide from the threat of cybercrime through the Convention on Cybercrime.

Everbridge

Everbridge

Everbridge provides enterprise software applications that automate and accelerate organizations’ operational response to critical events in order to keep people safe and businesses running.

Outseer

Outseer

Outseer is a leading technology company in the fight against payments fraud. Outseer reliably determines authentic customers from fraudulent behavior.

Apono

Apono

Apono enables DevOps and security teams to manage access to sensitive cloud assets and data repositories in a frictionless and compliant way.

Mailinblack

Mailinblack

Mailinblack protects your organisation against email threats with an innovative solution that meets your security requirements.

BlueSteel Cybersecurity

BlueSteel Cybersecurity

BlueSteel is a compliance consulting firm that leverages deep system, data and application expertise to build sustainable cybersecurity solutions.

SafePaas

SafePaas

SafePaas is a leading Enterprise Risk Management Platform. One source of truth for all your Audit, Risk, and Compliance requirements. Complete governance across your systems.

DHCO IT

DHCO IT

The DHCO IT team are experts in IT support, cyber security, cloud support and disaster recovery, and are Microsoft 365 partners.

AI Safety Institute (AISI)

AI Safety Institute (AISI)

The AI Safety Institute’s mission is to minimise surprise to the UK and humanity from rapid and unexpected advances in AI.