Banking and Insurance Regulators Focus on Cyber-Threats
- Aug 30, 2013
- Guest Author
If you are responsible for IT security in the financial services industry, you may have been asked by a regulator to disclose details on your company’s preparedness for cyber-attacks. NopSec has received requests for help from customers at banks, credit unions, and insurance. In our own backyard, the New York State Department of Financial Services has distributed a “Cyber-Security/Cyber-Risk Questionnaire” that covers topics such as penetration testing, vulnerability scanning tools, and emerging threats from mobile devices, social media, and Cloud computing.
Bank Information Security published an article, “OCC: Cyber Threats Among Top Risks”, based on the 2013 Semiannual Risk Perspective report from The Office of the Comptroller of the Currency. The article contends that, “the cyber-attacks facing banking institutions continue to evolve at an accelerated rate.”
The OCC report cited three specific risk factors: Adoption of new and less market-tested applications, reengineering of business processes, and increased reliance on outsourcing to reduce operating costs. NopSec’s customers have asked us to increasingly review new mobile and web-based applications as part of overall vulnerability management. And we recently had a banking customer “insource” some IT operations due to deficient security policies that were uncovered with their outsource vendor.
Insurance Journal ran a story titled, “New York Regulator Asks Insurers About Readiness for Cyber Threats” about a follow-up request similar to that sent to major banks earlier this year. According to the article, “Insurance companies, in some cases sometimes more than banks, hold incredibly sensitive information of regular people,”said Ben Lawsky, New York’s superintendent of financial services.
Helping customers respond to these regulatory questionnaires, and ensuring that policies and procedures are in place when the auditors come knocking, is what we do at NopSec. A proactive approach to vulnerability risk management can certainly keep your company out of the cross-hairs of regulators and auditors. I encourage you to read about how we’ve helped customers in financial services with “Customer Success Stories: Vulnerability Management“.