US Banks Face New Demands To Protect Themselves From Hackers

Uploaded on 2016-10-26 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Financial

Hackers who relentlessly pursue banks may run into tougher defenses as the Federal Reserve and other US regulators force the biggest lenders to plug any vulnerabilities.

Banking agencies released a proposal on the 19th October for rules that would require lenders, and the outside firms that serve them, to better safeguard themselves and their customers. Banks with more than $50 billion in assets and other systemically significant firms would have to establish board-approved protections that make them more aware of what’s happening in their own systems. The proposal also aims to keep successful cyber-attacks from spreading damage through the broader financial sector.

Affected companies “would be required to be capable of operating critical business functions in the face of cyber-attacks and continuously enhance their cyber resilience,” the regulators said. The proposal also demands “secure, immutable, off-line storage of critical records.”

Self-Defense

Digital breaches have cost the financial industry billions and prompted banks to hire armies of cyber defenders in recent years. So, the Fed, the Office of the Comptroller of the Currency and the Federal Deposit Insurance Corp. devised a plan that sets the minimum each lender must do to show it’s protecting itself. For instance, the banks’ most critical systems that the wider financial system depends on would have to be able to recover from attacks within two hours.

In what could be a windfall for outside companies that provide cyber protection, those systems would also have to be shielded by “the most effective, commercially available controls,” though agency officials gave no further details on how that would be defined.

The outside vendors are also getting more scrutiny. Consumer Financial Protection Bureau Director Richard Cordray, a member of the FDIC’s board, flagged the “utter dependence” of banks on their technology and outside service providers. Risks may develop in those firms, he said, meaning bank customers could have less control over emerging problems.

Multiple Attacks

The agencies approved an advance notice of proposed rulemaking, a preliminary step that means a final measure could still be many months in the making. The public will have 90 days to comment on the initial ideas.

The banking industry has been stunned by recent computer muggings, including a February hack of Bangladesh’s central bank in which thieves made off with $81 million and the 2014 incursion of JPMorgan Chase & Co. that compromised information on millions of customers.

In recent years, regulators’ public responses to hacks have mostly consisted of issuing guidance and industry alerts. The escalating attacks have put pressure on them to do more, and a formal rule could give the government more power to crack down on lenders it thinks aren’t doing enough. New rules would update information-security standards that were issued well before modern threats emerged.

In JPMorgan’s 2015 annual report, Chief Operating Officer Matt Zames said thousands of employees were working from three global security-operations centers to protect the bank. He noted that every month they find more than 200 million malicious e-mails -- each the potential foothold for an attack.

Campaign Issue

Cybersecurity breaches, including the routine hacking of e-mails from government, political and corporate officials, have been a factor in this year’s presidential election. Democratic officials have accused Russia of hacking e-mails and then providing WikiLeaks with sensitive documents aimed at undermining Hillary Clinton’s bid for the White House.

Clinton has said cyber warfare is one of the biggest threats the next administration must deal with, especially those attacks supported by countries including Russia. While Republican candidate Donald Trump has cast some doubt on whether foreign nations may be involved in attacks, he said during a debate last month that “we are not doing the job we should be doing” and “we have to get very, very tough on cyber.”

Informatics-Management:      SWIFT Discloses More Bank Thefts:

 

« Valuable Security Assets Are Human, Not Technical
US Intelligence Has The Evidence That Proves Russian Presidential Election Interference »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Finjan Holdings

Finjan Holdings

Finjan solutions are aimed at keeping the web, networks, and endpoints safe from malicious code and security threats.

SISA

SISA

SISA is a global forensics-driven cybersecurity solutions company, trusted by leading organizations for securing their businesses with robust preventive and corrective cybersecurity solutions.

Athena Dynamics

Athena Dynamics

Athena Dynamics focuses on Cyber Security, especially in Critical Information Infra-structure Protection and Enterprise IT Operation Management products and Services.

Sequitur Labs

Sequitur Labs

Sequitur Labs is developing seminal technologies and solutions to secure and manage connected devices of today and in the future.

Business Continuity

Business Continuity

Business Continuity delivers integrated IT solutions for cybersecurity, virtualization, cloud platforms and operational security solutions.

A-LIGN

A-LIGN

A-LIGN is a technology-enabled security and compliance partner trusted by more than 2,500 global organizations to mitigate cybersecurity risks.

Securis

Securis

Securis provides organizations and agencies with the highest level of professional, ultra-secure data destruction and IT recycling.

Blueskytec (BST)

Blueskytec (BST)

Blueskytec has applied its experience of over three decades of working in the field of embedded systems and encryption to provide a scalable and appropriate technology for cyber-physical devices.

Secberus

Secberus

SECBERUS creates cloud security technology to help organizations stay secure & compliant in the public cloud.

Liquid Intelligent Technologies

Liquid Intelligent Technologies

Liquid Intelligent Technologies is a leading communications solutions provider across Africa, providing reliable connectivity, hosting, co-location, and digital services including cyber security.

stackArmor

stackArmor

stackArmor specializes in compliance and security-focused solutions delivered using our Agile Cloud Transformation (ACT) methodology.

Gatefy

Gatefy

Getfy is a cybersecurity company specialized in artificial intelligence and machine learning. We work to solve challenging issues, especially those involving email security.

Cyber Capital Partners

Cyber Capital Partners

Cyber Capital Partners build strategic and financial partnerships with small and mid-sized cybersecurity companies in highly regulated markets.

NMi Group

NMi Group

NMi Group is a global pioneer in mission-critical Testing, Inspection, Certification, and Calibration (TICC) services.

DeepTempo

DeepTempo

At DeepTempo, we build AI models and related software that protect enterprises and service providers from sophisticated cyber threats.

HyperSphere

HyperSphere

HyperSphere Data Protect is a patented technology establishing the world’s first cyberstorage solution designed to make data resilient against AI and quantum threats.