Financial Services Cybersecurity Weekly Briefing 10-20-2017

Weekly FS Cybersecurity Blast

Weekly FS Cybersecurity Blast

White Paper: Navigating the Regulatory Environment of Information Security in Financial Services

Information technologies are rapidly changing. The players who collect, access, and maintain customer and firm data are on the rise. The frequency of attacks is growing. As a result, the regulatory environment is evolving to protect customers and business alike.

 

JP Morgan Security Chief Warns that Cyber defenses ‘Will Fail’
Major financial institutions have been told to focus less on the prevention of cyber attacks and more on dealing with the inevitable breaches by a panel of security experts. […] “Shift investment from preventative to regular exercise for your teams,” he added. “Test them out; who will make decisions and when. Prepare for eventuality.”

 

Navigating Cybersecurity on a Stretch of “Regulatory Rapids”
Not unlike NY state requirements, under GDPR there is a 72-hour window to notify a client if there is a breach of data. […] Moreover, regulatory reporting, data retrieval for liquidity risk assessment, capital calculations, and simply the ability to identify every location client data is used and stored within a firm is not as easy as it may seem.  This issue is only amplified for global firms that may outsource business support to affiliated entities, use third party vendors or transfer client data across borders.

 

Financial Services to Boost Security Investment on Account of Breach Risks
Almost all (92 percent) will deploy advanced tech, such as IoT, big data or cloud services, with 73 percent doing so before actually preparing appropriate security solutions. Six in ten (60 percent) view privileged users as the biggest threat, followed by executives (48 percent) and contractors (38 percent).

 

IRS: Tax Refund Fraudsters Already had Much of That Equifax Stolen Data
Beginning next year, more ID theft protection will be used for some business returns. Tax professionals are encouraged to make sure that the name and the Social Security number of the company individual authorized to sign the business return is legitimate. Is the person signing that return really authorized to do so?

 

Post Cyberattack: The Next Steps Your Business Needs to Take
It’s tempting to shut down after a data breach, but it’s important to be proactive to minimize the damage. Make sure you’re communicating properly with your staff, tech specialists, and clients, and be open and sincere about what happened. Provide details if you think they are necessary, and explain how each party will be impacted by what happened. Be sure to take responsibility, even if the attack was the fault of your IT provider rather than your company.

 

Cyber Wars: How the U.S. Stock Market Could Get Hacked 
DARPA has been conducting brainstorming sessions with key players in the financial system to identify potential risks and to develop effective counter-measures against them. Particularly important in these discussions, the Journal notes, have been market participants engaged in high-frequency trading (HFT) or high-speed trading, the managers of quant funds, and other persons with deep knowledge of the automated systems that drive so much of trading today, often with reaction times measured in fractions of a second.

 

ATM Machine Malware Sold on Dark Web 
For example, one ad posted on the now-defunct AlphaBay Darknet marketplace offered detailed manuals, a list of required equipment, ATM models to target, and tips for operating the malware, Kaspersky notes. The sellers of this kit wanted $5,000. Buyers were told they could steal all the cash from ATM machines infected with the malware, without having to bother accessing individual accounts and data used by ATM card holders, Kaspersky stated.

 

Financial Services Cybersecurity Systems and Services Market – Global Industry Analysis, Size, Share, Growth, Trends and Forecast 2017 – 2022
The global financial services cybersecurity systems and services market is prognosticated to be pampered by reportedly a large count of financial organizations taking to managed security services for solutions such as real-time monitoring and analytics and authentication.

 

Are Banks Ready for the Internet of Things Revolution? Part 2: New legal Issues Created by the Internet of Things 
1. Privacy issues become bigger
2. Data anonymization to better exploit data
3. Increased threat of cyberattack
4. Agreements with third parties need to be “adequately” managed
[…]

 

US Banks to Introduce New Anti-fraud Measures After Equifax Hack
US banks are stepping up anti-fraud controls after the data breach at credit checking group Equifax put about half the country’s population at risk of identity theft. Executives at banks including Citigroup and Wells Fargo said customers would face new checks because of the increased risk of identity fraud, a problem that already costs an estimated $16bn a year in the US.

 

Stay up to date on the Financial Services Information Security news that you need to know by signing up for our Financial Cybersecurity Briefing Here.

====

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.