US Banks Face New Demands To Protect Themselves From Hackers

Hackers who relentlessly pursue banks may run into tougher defenses as the Federal Reserve and other US regulators force the biggest lenders to plug any vulnerabilities.

Banking agencies released a proposal on the 19th October for rules that would require lenders, and the outside firms that serve them, to better safeguard themselves and their customers. Banks with more than $50 billion in assets and other systemically significant firms would have to establish board-approved protections that make them more aware of what’s happening in their own systems. The proposal also aims to keep successful cyber-attacks from spreading damage through the broader financial sector.

Affected companies “would be required to be capable of operating critical business functions in the face of cyber-attacks and continuously enhance their cyber resilience,” the regulators said. The proposal also demands “secure, immutable, off-line storage of critical records.”

Self-Defense

Digital breaches have cost the financial industry billions and prompted banks to hire armies of cyber defenders in recent years. So, the Fed, the Office of the Comptroller of the Currency and the Federal Deposit Insurance Corp. devised a plan that sets the minimum each lender must do to show it’s protecting itself. For instance, the banks’ most critical systems that the wider financial system depends on would have to be able to recover from attacks within two hours.

In what could be a windfall for outside companies that provide cyber protection, those systems would also have to be shielded by “the most effective, commercially available controls,” though agency officials gave no further details on how that would be defined.

The outside vendors are also getting more scrutiny. Consumer Financial Protection Bureau Director Richard Cordray, a member of the FDIC’s board, flagged the “utter dependence” of banks on their technology and outside service providers. Risks may develop in those firms, he said, meaning bank customers could have less control over emerging problems.

Multiple Attacks

The agencies approved an advance notice of proposed rulemaking, a preliminary step that means a final measure could still be many months in the making. The public will have 90 days to comment on the initial ideas.

The banking industry has been stunned by recent computer muggings, including a February hack of Bangladesh’s central bank in which thieves made off with $81 million and the 2014 incursion of JPMorgan Chase & Co. that compromised information on millions of customers.

In recent years, regulators’ public responses to hacks have mostly consisted of issuing guidance and industry alerts. The escalating attacks have put pressure on them to do more, and a formal rule could give the government more power to crack down on lenders it thinks aren’t doing enough. New rules would update information-security standards that were issued well before modern threats emerged.

In JPMorgan’s 2015 annual report, Chief Operating Officer Matt Zames said thousands of employees were working from three global security-operations centers to protect the bank. He noted that every month they find more than 200 million malicious e-mails -- each the potential foothold for an attack.

Campaign Issue

Cybersecurity breaches, including the routine hacking of e-mails from government, political and corporate officials, have been a factor in this year’s presidential election. Democratic officials have accused Russia of hacking e-mails and then providing WikiLeaks with sensitive documents aimed at undermining Hillary Clinton’s bid for the White House.

Clinton has said cyber warfare is one of the biggest threats the next administration must deal with, especially those attacks supported by countries including Russia. While Republican candidate Donald Trump has cast some doubt on whether foreign nations may be involved in attacks, he said during a debate last month that “we are not doing the job we should be doing” and “we have to get very, very tough on cyber.”

Informatics-Management:      SWIFT Discloses More Bank Thefts:

 

« Valuable Security Assets Are Human, Not Technical
US Intelligence Has The Evidence That Proves Russian Presidential Election Interference »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Leonardo

Leonardo

Leonardo (formerly Finmeccanica) is a global high-tech company in Aerospace, Defence, Security & Information Systems including Cybersecurity & ICT solutions.

IEEE Computer Society

IEEE Computer Society

The IEEE Computer Society is the world's leading membership organization dedicated to computer science and technology.

Law Enforcement Cyber Center (LECC)

Law Enforcement Cyber Center (LECC)

LECC is designed to assist police, digital forensic investigators, detectives, and prosecutors who are investigating and preventing crimes that involve technology.

Nixu

Nixu

Nixu is the largest Nordic specialist company in information security consulting.

DCIT

DCIT

DCIT is a specialist in providing comprehensive consulting and auditing services in the field of information technology, PROVYS development software and security system AuditSquare.

Acalvio Technologies

Acalvio Technologies

Acalvio provides Advanced Threat Defense (ATD) solutions to detect, engage and respond to malicious activity inside the perimeter.

CyPhyCon

CyPhyCon

CyPhyCon is an annual event exploring threats and solutions to cyber attacks on cyber-physical systems such as industrial control systems, Internet of Things and Industrial Internet of Things.

Cyble

Cyble

Cyble Vision enables faster detection of cyber threats and focuses on identifying and analysing the motivations, methods, capabilities and tools of adversaries.

GBT Technologies

GBT Technologies

GBT Technologies is a technology company focused on chip design and software to enable IoT, global mesh networks, and for applications relating to artificial intelligence.

DeepView

DeepView

DeepView delivers a unified platform for managing risk on digital platforms. One interactive secure portal allowing employees to engage their networks securely and compliantly.

HighPoint

HighPoint

HighPoint is a leading technology infrastructure solutions provider offering consultancy, solutions and managed services for network infrastructure and cybersecurity.

Talon Cyber Security

Talon Cyber Security

Talon delivers the leading enterprise browser designed to bring security to managed and unmanaged devices, regardless of location, device type or operating system.

AML Global Solutions (AMLGS)

AML Global Solutions (AMLGS)

AMLGS delivers Financial Crime prevention training programmes and consultancy services encompassing Anti-Money Laundering (AML), Counter Terrorism Financing (CTF), Bribery & Corruption and Fraud.

Oxford Internet Institute - University of Oxford

Oxford Internet Institute - University of Oxford

The Oxford Internet Institute is a multidisciplinary research and teaching department of the University of Oxford, dedicated to the social science of the Internet.

Vaultinum

Vaultinum

Vaultinum are a trusted independent third party specialized in the protection and audit of digital assets.

Nortal

Nortal

Nortal is a strategic digital transformation partner for leading companies and governments around the world.