BreachExchange mailing list archives

Wall Street Needs Better Safeguards Against Hackers, Says Regulator


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Thu, 9 Apr 2015 19:17:02 -0600

http://www.ibtimes.com/wall-street-needs-better-safeguards-against-hackers-says-regulator-1875823

Financial regulators are raising concerns about weaknesses in the networks
of outside vendors that serve Wall Street's biggest banks, security lapses
that might allow hackers to gain access to sensitive financial data.

In a survey of 40 banks, New York state's top bank cop, Benjamin Lawsky,
found that fewer than half regularly inspected the security systems of
their outside vendors. About two-thirds of the firms surveyed had no policy
in place requiring partners to give notice when their networks have been
compromised, the New York Times reports.

The IT firms, big data processors, law firms and other industries that
service banking titans provide potentially vulnerable entry points to the
vast troves of information stored in financial databases. In recent years,
concern over bank cybersecurity has spread to acknowledge these dangers,
particularly with law firms. Wall Street banks have also responded by
beefing up the walls around their systems. But the survey conducted by
Lawsky's Department of Financial Services found that banks have been slow
on the uptake.

Last summer, when a breach at JPMorgan compromised 83 million customer
accounts, the bank found that hackers had methodically probed numerous
JPMorgan vendors seeking access to its networks, including a website for
the bank's charity footrace. Though investigators eventually concluded that
JPMorgan's own internal systems had been penetrated, the incident was a
stark reminder that hackers will pull on any thread, no matter how distant
from the bank, to gain entry.

Watchdogs worry that light oversight of third-party firms connected to
banking networks could have grave consequences. Hundreds of millions of
people have their most sensitive financial and personal information stored
in bank accounts, an alluring mark for identity thieves and other
cybercriminals.

More troubling, regulators have increasingly sounded the alarm over
concerns that hackers could effect a systemic meltdown. The mind-boggling
complexity and interconnectedness of financial markets make them
vulnerable to destabilizing attacks, whether from political malefactors or
hostile nation-states.

Lawsky, whose office is developing guidelines around bank vendor security,
told the Times that these issues are "in a great state of flux" and that
banks shouldn't be blamed for a rapidly changing cybersecurity landscape.
Even so, American firms are lagging behind their European counterparts in
securing third-party relationships, he said. And the consequences could be
dire.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
