Mortgage Data Lures Cybercriminals

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.cutimes.com/2015/10/20/mortgage-data-lures-cybercriminals-onsite-at-mba-a

The quality of of data retained by the mortgage industry – borrower assets,
and financial and personal records – as well as regulatory requirements to
retain data make it attractive to cybercriminals.

Quicken Loans Chief Information Officer Linglong He pressed that point
Tuesday during a general session panel at the Mortgage Bankers Association
Annual Conference that addressed privacy, technology and cybersecurity.

Compliance doesn’t equal cybersecurity, He continued.

Unlike the credit card industry, which has devoted resources over the past
10 years to strengthening cybersecurity, the mortgage industry hasn’t been
as focused on the issue, Fannie Mae Vice President and Chief Information
Security Officer Anthony Johnson added, making it a softer target.

Moderator Teresa Bryce Bazemore, president of the Philadelphia-based
private mortgage insurer Radian Guaranty, asked the panel, which also
included Teraverde Financial CEO James Deitch, how companies with limited
resources can combat cyberattacks.

Deitch said between 60% and 80% of personal information lost during
cybercrimes occurs not through a direct attack on technology systems but
through social engineering, which includes phishing emails. Therefore,
training and awareness is key.

He suggested firms utilize the MBA’s Information Security Program white
paper, which provides solutions that aren’t expensive or highly technical
to implement.

Johnson said cybersecurity training must communicate one simple lesson for
employees: Don’t talk to strangers.

“Most of our business lines do not do business in Eastern Europe or China,”
he said. “But we let our networks talk to them, and it introduces the
question of why? Oftentimes when I talk to customers, they say well, I
never really thought about turning that off. So, turn that off and that
takes care of about 85% of the threats that are off there.”

Although compliance has been costly for mortgage lenders, they must
intentionally invest in cybersecurity too, the panel said.

“We’ve just been through TRID, and it’s been a very all-encompassing
experience, so find the resources to allocate some dollars to information
security,” Deitch said. “It’s a process that every business – small, medium
and large – has to objectively and tangibly go through and evaluate their
risks and then match them to resources and spending.”

When it comes to vendors and cybersecurity, forget the old adage of trust
but verify, He said.

“Verify before trust,” she said.

He said she was speaking with a peer who said he wasn’t worried about his
data because it was maintained off site by a vendor.

“You have to verify everything,” she said. “You must conduct an assessment
of their security policy, how they do it.”

In fact, He said, mortgage lenders may want to visit vendors onsite to
ensure they maintain high cybersecurity standards.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!