Data/Cyber

NYC banking regulator reveals cyber security guidelines

BY Richard Summerfield

Unless you have been living under a rock for the last few years, it will not have escaped your attention that instances of cyber crime have become increasingly prevalent in the business community. It seems not a week goes by without a cyber breach grabbing the headlines, along with a swathe of sensitive data.

Various regulatory bodies have taken steps to guide firms through the minefield of cyber security. This week, New York’s leading banking regulator – the New York Financial Department of Services (NYDFS) – became the latest to follow suit. The NYDFS felt motivated to act as, in its own words, it "considers cyber security to be among the most critical issues facing the financial world today".

In a letter to other state and federal regulators, including the US Office of the Comptroller of the Currency and Federal Reserve Board of Governors, the NYDFS revealed details about its potential new cyber security regulations for the banks and insurance companies which fall under its jurisdiction. These regulations could include a requirement for institutions to notify companies of data breaches. "It is our hope that this letter will help spark additional dialogue, collaboration and, ultimately, regulatory convergence among our agencies on new, strong cyber security standards for financial institutions," wrote Anthony Albanese, NYDFS’ acting superintendent.

Organisations would also be obliged to ensure that contracts with third parties included a set of rules designed to keep sensitive data safe, including the use of multi-factor authentication, both internally and on customer log-on pages, and data encryption. Two-step authentication is becoming increasingly popular online. Social media giants like Facebook and Twitter, services such as Gmail, and even online video games now offer multi-step authentication. As such, it seems only logical that financial institutions embrace the technology.

Firms would also be required to appoint a chief information security officer if they do not already have one. The CISO would be responsible for overseeing policy, while cyber security staff would be required to undergo mandatory training.

Under potential new regulations, third-party vendors – such as law firms, data processors and auditors – would also be required to achieve compliance moving forward.

News: NY banking regulator unveils details on planned cyber security rule

Lessons not learned as cyber crime still rife

BY Richard Summerfield

Companies operating in the current business climate face myriad difficulties and obstacles. One of the most potent and potentially damaging of these challenges is the scourge of cyber crime and cyber terrorism.

One need only look at the attacks on Ashley Madison, Sony and Target to see the extent of the financial, personal and reputational damage that cyber crime can inflict on companies and individuals.

Given the size and scale of some of the most recent cyber attacks, it is difficult to imagine companies neglecting their cyber security obligations. However, according to a new report from PwC, nearly 10 percent of UK companies do not know how many cyber attacks they have suffered in recent years.

Furthermore, 14 percent of companies do not know how the attacks occurred. This is particularly disturbing as detected breaches in workplace security systems increased by 38 percent in the past year, according to PwC.

Cyber attacks via mobile phones in particular are becoming much more common. Thirty-six percent of respondents reported an increase in mobile attacks, up considerably from the 24 percent recorded last year. The average cost of those attacks is around £1.7m, the report notes.

PwC’s annual survey took in the opinions of more than 10,000 executives in more than 127 different countries. Much of the damage caused by cyber crime, according to the report, results from the actions of current staff members. Former employees were also a major source of cyber criminality.

But attitudes toward cyber security are changing. According to Dave Burg, global and US cyber security leader at PwC, the survey demonstrated a burgeoning awareness among corporates, many of whom are starting to act and think seriously about cyber security.

"We are seeing an increase in awareness of the risk and opportunities, and more boards are becoming more actively engaged in cyber security preparedness," said Mr Burg.

Despite the increase in boardroom awareness, more can and should be done at board level. The survey noted that 55 percent of boards do not participate in the overall security strategy. Furthermore, 42 percent of companies do not have an overall information strategy.

Report: The Global State of Information Security Survey 2016

Cyber risks still overlooked in dealmaking

Cybersecurity is now one of the most pressing concerns among the spectrum of risks arising in the M&A process. Intellectual property, operational efficiency, and financial controls are all at stake when companies embark upon a transaction without properly managing this risk. Recent large-scale attacks and the notoriety they have gained may be increasing awareness of these issues, but understanding how best to address them requires expertise that may be lacking among dealmakers.

FW moderates a discussion on cyber-security risks in M&A between Adam Pang at Merrill DataSite, David Stanton at Pillsbury Winthrop Shaw Pittman LLP and Timothy J. Nagle at Reed Smith LLP.

TalkingPoint: Managing cyber-security risks in M&A

Embrace the cloud to stay competitive, says PwC

BY Matt Atkins

According to a new PwC report, modern-day financial institutions face increasing demands on two fronts: the need to consolidate their data centres and increase business agility.

After the burst of M&A activity which followed the 2008 financial collapse, organisations have been left with an overlapping mix of data centre assets which must now be consolidated into a more cohesive whole. In addition, in a continually changing business environment, institutions are feeling the pressure to innovate and embrace new technology.

In light of these challenges, says the report, CIOs are increasingly turning to cloud technology to transform their technology infrastructure and deliver consistent service to their global customers. Of the respondents to PwC's survey, 71 percent said they would invest more in cloud technology – up 18 percent on the previous year. The adoption of private clouds offers institutions a chance to address their data consolidation needs, in turn boosting IT agility, according to PwC.

Embracing cloud technology offers numerous rewards. Using the cloud, leading institutions are able to: adapt more rapidly when entering new markets; improve IT services to business units, enabling units to better serve their customers; and improve the consistency of service to customers worldwide, resulting in greater customer satisfaction and loyalty. The cloud also allows institutions to cope with the changing demands of software development lifecycles and technology change programs.

Security concerns remain a major consideration in cloud adoption. By its very nature, the cloud forces IT services to pay closer attention to potential risks in the strategic planning and implementation of data centres. However, while 46 percent of respondents reported their organisation uses cloud services, only 18 percent of financial organisations included provisions for the cloud in their security profile.

Moving to the cloud is a complex process, says PwC, and cloud strategy should be developed with the input of top management across the company. But when an institution strategically implements a private cloud solution, it can help the overall objectives of the organisation, as well as its IT goals.

Report: FS viewpoint: Clouds in the Forecast

Security concerns restrain mobile banking

BY Matt Atkins

Consumer fears surrounding security have dampened interest in the mobile technology services of financial institutions worldwide. These are the findings of Deloitte's new report, Mobile Financial Services: Raising the Bar on Customer Engagement, based on survey data from Andrews Research Associates.

Though financial services companies are largely eager to enter the mobile transaction market, the industry still has work to do before it captures the full potential of today's technology, finds the report.

Of those respondents who do not regularly use mobile devices for financial services, sixty-one percent cited security issues as the prime reason. Over one-third of those surveyed were most insecure about using financial services on mobile devices due to lack of trust in the security of the Wi-Fi and mobile networks transmitting their data. Twenty-eight percent were worried about their mobile device being lost or stolen. One in five respondents believed that the risk of identity theft was greater with mobile transactions.

To address security concerns, respondents supported measures to create more secure Wi-Fi or mobile networks, systems that automatically disable stolen mobile devices, and the adoption of more secure mobile identification methods such as biometric technology.

The survey did indicate that mobile products have been more widely adopted in the banking sector than in other financial service sectors, such as insurance. However, it still finds that banks "are at a decided disadvantage compared to other sectors" when it comes to security.

"The financial services industry is entering a new phase in its digital evolution, with mobile technology reshaping customer engagement in a dramatic manner, and increasingly becoming the primary method of a consumer's interaction with their financial services providers," said Jim Eckenrode, executive director of the Deloitte Center for Financial Services. "To boost adoption and set the stage for more ambitious applications, companies will likely have to take tangible steps to reassure consumers about the security of their mobile financial transactions."

Report: Mobile Financial Services: Raising the Bar on Customer Engagement

©2001-2024 Financier Worldwide Ltd. All rights reserved.