Wall St. Is Told to Tighten Digital Security of Partners
The New York Times (04/09/15) P. B7 Goldstein, Matthew
New York Department of Financial Services Superintendent Benjamin Lawsky revealed that a survey of 40 banks found that only about 33 percent require their outside vendors to notify them of any breach in their own networks that could compromise confidential information of the bank and its customers. Less than 50 percent of banks surveyed conduct regular on-site inspections to ensure vendors have adequate security measures in place, and only about half require vendors to provide a warranty that their products and data streams are secure and virus-free. Lawsky said that banks and other financial institutions clearly need to do more to improve their oversight of vendors and to improve their own cyber security. “Things are in a great state of flux in terms of the institutions and for regulators, too, but all of these things need to be tightened up in a very serious way,” he noted. Lawsky’s office continues to work on guidelines for banks and other financial firms to monitor and improve the security of outside vendors, and one recommendation could be that financial firms obtain guarantees from vendors about security quality through the contracting process. Another area of concern for financial firms is the security of large law firms that conduct regulatory work for banks and advise them on corporate transactions. Moreover, the bank survey found that U.S. financial firms tend to lag behind their European counterparts in terms of safeguarding information shared with third-party vendors. Lawsky’s office also has sent a similar survey on vendor oversight to insurance companies. “The fight against cyberterrorism and cybercrime is one that is not going away. We need to start that fight with certain basic hygiene tests and that involves tightening your security with vendors and tightening your security with multifactor authentication,” he said.
Surprising Number of Cyber Attacks Aim to Destroy, Not Steal
Reuters (04/07/15) Menn, Joseph
Hacking attacks that destroy rather than steal data or that manipulate equipment are far more prevalent than widely believed, according to a survey of critical infrastructure organizations throughout North and South America. The poll by the Organization of American States, to be released on Tuesday, found that 40 percent of respondents had battled attempts to shut down their computer networks, 44 percent had dealt with bids to delete files and 54 percent had encountered “attempts to manipulate” their equipment through a control system. Those figures, provided exclusively to Reuters ahead of the official release, are all the more remarkable because only 60 percent of the 575 respondents said they had detected any attempts to steal data, long considered the predominant hacking goal. Destruction of data presents little technical challenge compared with penetrating a network, so the infrequency of publicized incidents has often been ascribed to a lack of motive for attackers. Now that hacking tools are being spread more widely, however, more criminals, activists, spies and business rivals are experimenting with such methods.