May 2015 SAFE Newsletter
What it means for your organization
Cybersecurity is defined as the technologies, processes and practices that protect computer networks and data from attacks via cyberspace, or the internet.
Recent information security breaches at corporations like Target, Sony, and Anthem Health have resulted in greater media attention and reaction by various industry regulators. As of March 2015, both the FFIEC and the SEC have issued similar recommendations and/or guidelines that support the US Government’s effort to help protect organizations from cybersecurity attacks.
The FFIEC Cybersecurity Assessment of 500 community banks, conducted last summer (2014), revealed that inherent cybersecurity risk varies significantly across institutions and incorporates the type, volume and complexity of (1) connection types, (2) products and services offered, and (3) technologies used.
The FFIEC provided recommendations on cybersecurity preparedness in the following areas:
- Risk management and oversight
- Threat intelligence and collaboration
- Cybersecurity controls
- Third-party management
- Cyber-incident management and resilience
In April 2014, the SEC Office of Compliance Inspections and Examinations (OCIE) released guidelines to assess cybersecurity preparedness in the securities industry. Examinations of registered broker-dealers and registered investment advisers will focus on the entity’s cybersecurity governance, identification and assessment of cybersecurity risks, protection of networks and information, risks associated with remote customer access and funds transfer requests, risks associated with vendors and other third parties, detection of unauthorized activity, and experiences with certain cybersecurity threats.
Technologies and processes such as wire transfers, ATMs, mobile banking, e-trades and BYOD, while increasing convenience, have made financial organizations more susceptible to cybersecurity attacks that impact Anti-Money Laundering compliance data security. Financial organizations large and small are equally required to implement a comprehensive cyber-resilience strategy; it is therefore important to clearly identify, assess and prioritize the implementation of strategic solutions that reduce cybersecurity risk at a reasonable cost. Financial organizations should implement effective information security strategies, policies, and procedures to prevent and quickly respond to cybersecurity incidents.
Employees: The Defensive Line Against Social Engineering