uses cookies to make interactions with the Company’s Websites easy and meaningful. When you visit one of the Company’s Websites,’s servers send a cookie to your computer. Standing alone, cookies do not personally identify you; they merely recognize your Web browser. Unless you choose to identify yourself to, either by responding to a promotional offer, opening an account, or filling out a Web form (such as a “Contact Us” or a “Free Trial” Web form), you remain anonymous to the Company. Please go to our privacy statement for details.


Banking and Insurance Regulators Focus on Cyber-Threats

If you are responsible for IT security in the financial services industry, you may have been asked by a regulator to disclose details on your company’s preparedness for cyber-attacks. NopSec has received requests for help from customers at banks, credit unions, and insurance. In our own backyard, the New York State Department of Financial Services has distributed a “Cyber-Security/Cyber-Risk Questionnaire” that covers topics such as penetration testing, vulnerability scanning tools, and emerging threats from mobile devices, social media, and Cloud computing.

Greater regulatory scrutiny for banks

Bank Information Security published an article, “OCC: Cyber Threats Among Top Risks”, based on the 2013 Semiannual Risk Perspective report from The Office of the Comptroller of the Currency. The article contends that, “the cyber-attacks facing banking institutions continue to evolve at an accelerated rate.”

The OCC report cited three specific risk factors: Adoption of new and less market-tested applications, reengineering of business processes, and increased reliance on outsourcing to reduce operating costs. NopSec’s customers have asked us to increasingly review new mobile and web-based applications as part of overall vulnerability management. And we recently had a banking customer “insource” some IT operations due to deficient security policies that were uncovered with their outsource vendor.

Insurance companies face similar risks

Insurance Journal ran a story titled, “New York Regulator Asks Insurers About Readiness for Cyber Threats” about a follow-up request similar to that sent to major banks earlier this year. According to the article, “Insurance companies, in some cases sometimes more than banks, hold incredibly sensitive information of regular people,”said Ben Lawsky, New York’s superintendent of financial services.

Take a proactive approach to vulnerability management

Helping customers respond to these regulatory questionnaires, and ensuring that policies and procedures are in place when the auditors come knocking, is what we do at NopSec. A proactive approach to vulnerability risk management can certainly keep your company out of the cross-hairs of regulators and auditors. I encourage you to read about how we’ve helped customers in financial services with “Customer Success Stories: Vulnerability Management“.

Schedule a Product Demo Today!

See how NopSec's end-to-end Cyber Exposure Management platform can organize your security chaos.