Connect with us

Global Banking and Finance Review is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website. .

Top Stories

AS BANKS FACE TOUGHER REGULATIONS, SECURITY NEEDS TO PREEMPT THREATS
AS BANKS FACE TOUGHER REGULATIONS, SECURITY NEEDS TO PREEMPT THREATS

Published : , on

Guy Guzner, CEO, Fireglass

Several months ago, a new cybersecurity regulation was introduced aimed specifically at the finance industry. Some may say it’s about time. The regulation proposed by the state of New York requires every bank and insurance company doing business in the state to establish a cybersecurity program, appoint a Chief Information Security Officer (CISO) and screen the cybersecurity policies of its business partners.Shortly after New York’s announcement,the Federal Reserve weighed in, unveiling a national plan to toughen the country’s largest banks against major cyberattacks.

Why all the new regulations? Recent attacks on the banking sector may be the primary motivation behind this surge. While there have been a number of attacks over recent years, several stand out. The JP Morgan Chase breach of July 2014 saw attackers gain the highest level of administrative privileges to the banks computer servers. In 2013, investigators unearthed a scheme where hackers had conducted a seven-year onslaught on organizations across the U.S., including banks, which targeted over 800,000 bank accounts. At the start of 2016, Bangladesh Bank saw over $81 million siphoned from its accounts in just hours. The hackers targeted the bank’s SWIFT accounts, the international money transfer system that banks have used since the 1970s to make daily transactions between themselves. We are seeing how technologies that have been in place for decades are no longer effective and become the weak points that hackers are leveraging to their advantage.

The rise of the financial tech industry is opening up additional opportunities for cyber attackers. The number of companies in this space is increasing rapidly. The demand from younger generations for digital alternatives to banks and financial institutions has spurred billions in investments in fintech ventures. Some of these companies certainly will commit to making cybersecurity an integral part of their organizational mandate. Still, it’s also inevitable that some will fall short when it comes to security. With more and more people having access to financial services and more interfaces to do so, this is creating more vulnerable scenarios for hackers to take advantage of.

While regulations in the U.S. will enforce the development of crises and risk plans that will help banks prepare for the worst, there is a lot at stake relying on archaic systems. The Bangladesh heist may have scared institutions into action, but the damage resulting from a cyberattack can do much more than leave organizations without cash. Imagine if cyber criminals were able to shut down stock exchanges for long periods of time, blocking trades and access to markets. Not only would this impact day-to-day activity, it could shake the faith of investors to the core. On a large scale,this can destabilize an economy overnight. Most concerning is that breaches can be accomplished using common malicious tactics and tools such as phishing and malware.

Taking a cue from Israel

Regulations like the ones being proposed here in the U.S. may have taken inspiration from similar guidelines effected in other countries. Take, for instance,the way Israel is approaching regulations in the financial world. Israeli banks have had to comply with even tougher regulations than those imposed by the state of New York. For example, they are required to physically separate their internal and external networks. This means the same computer cannot be used to access both networks unless there are two separate network cards and two separate virtual machines running on the computer. By enforcing these types of strict guidelines, Israel prevents malware from entering banks’ principal systems from the risky public internet.

What banks could expect

The New York regulationcould impact financial institutions in several ways.

* Organizational structure changes. The responsibility for security in some organizations have been splintering across multiple departments and business units, and overlapping between IT-focused organizations, Risk or security organizations, and operational organizations. In smaller organizations the security role has often been shared with IT responsibilities. As mentioned above, the regulation directs that the organization must appoint board-level responsibility for cybersecurity as well as a CISO.

* New security measurements. Until recently the security program was measured according to the subjective judgment of security professionals. But now that a prescriptive regulation is in place, there is danger that focus will be to satisfy the regulation and not maintain an effective program. This is always a risk with prescriptive regulation.

  • More breaches disclosed. Given the impact breaches inflict on bank reputations and the public trust, there is a powerful incentive to keep breaches quiet. This regulation makes it much harder to hide data breaches, which, in turn, would increase the perceived risk of breaches.
  • Increase in oversight over third parties. The regulation mandates that financial institutions take responsibility for the security posture of vendors providing services to them. This is not surprising as many breaches were caused by compromising vendors rather than the organizations themselves However, there are no standard methods today to ensure the security of third party, and this regulation will probably encourage that field. In the short term this may slow down the adoption of cloud technologies and outsourcing, especially for the smaller financial institutions that cannot audit their vendors themselves.
  • Industry mergers. The regulation clearly favors the larger financial institutions that already have programs like this in place. This will significantly increase the IT cost of smaller financial institutions and make it more difficult for them to be competitive against their larger counterparts. As such, this may drive mergers and/or consortiums to leverage economy of scale.

Implementing pre-emptive approaches

Like other large businesses and institutions, the banking and finance industries rely on archaic systems prone to modern day attacks. But implementing modern and innovative solutions that don’t require complete overhaul can help bring these systems into the 21st century.

. Additionally, banks can implement pre-emptive approaches to security to strengthen systems and thwart cyberattacks. Taking pre-emptive approaches to security can benefit not only the largest global banks, but also the smallest local banks. While larger banks may have the resources to continually reevaluate their security posture and invest in post breach solutions, smaller banks would need to be prioritize security controls which dramatically reduce risk.

Some modern security strategies financial institutions are starting to deploy have taken inspiration from the separation of internal and external networks.One such technology is based on the concept of “isolation”. It focuses on strengthening the most vulnerable targets — the users, by preventing malicious web content from reaching them. This allows users to click with confidence from any device by minimizing exposure to malware and phishing from web and email.

Unlike traditional security solutions that need to distinguish good from bad, isolation assumes all content is malicious and should not be allowed into the corporate network. Isolation creates a secure execution environment placed between users and the web where all browsing sessions are executed remotely and only a safe visual stream is sent users’ devices. Because all content is executed away from endpoints, users are completely protected from malicious websites,emails and documents. Gartner recently published a research recognizing isolation as one of the single most significant ways to reduce attacks.

Conclusion

With ever increasing opportunities for attackers to compromise sensitive networks, financial organizations must do their part to not only prepare for compliance with tightening regulations, but also adopt advanced technologies to secure their networks. Relying on traditional methods will only get them so far. Instead they need to implement solutions that can help strengthen an infrastructure relying on seemingly stalwart technology.

Uma Rajagopal has been managing the posting of content for multiple platforms since 2021, including Global Banking & Finance Review, Asset Digest, Biz Dispatch, Blockchain Tribune, Business Express, Brands Journal, Companies Digest, Economy Standard, Entrepreneur Tribune, Finance Digest, Fintech Herald, Global Islamic Finance Magazine, International Releases, Online World News, Luxury Adviser, Palmbay Herald, Startup Observer, Technology Dispatch, Trading Herald, and Wealth Tribune. Her role ensures that content is published accurately and efficiently across these diverse publications.

Global Banking & Finance Review

 

Why waste money on news and opinions when you can access them for free?

Take advantage of our newsletter subscription and stay informed on the go!


By submitting this form, you are consenting to receive marketing emails from: . You can revoke your consent to receive emails at any time by using the SafeUnsubscribe® link, found at the bottom of every email. Emails are serviced by Constant Contact

Recent Post