November 22 – The Conference of State Bank Supervisors announced a new cybersecurity certification in an effort to promote higher standards in bank examination of cybersecurity management. The new Certified Cyber Security Examiner designation is part of a larger effort among state financial regulators to address ongoing cybersecurity threats within the financial services industry.
By Eric Crabtree
Not surprisingly, cybersecurity always ranks high on the list of chief concerns that cause bank CIOs to lose sleep at night. That’s because the increasing sophistication of the tech used by hackers and fraudsters is making it harder for financial institutions to defend themselves.
By Catherine Crosby Long, Keith Andress and Alisa Chestler
Not long ago, the average American could not define terms like “data breach,” “hack” or “cybersecurity.” However, hardly a day passed in 2015 without a cyberattack covered by the national news. As a result, consumers are increasingly aware of the need to ensure that their personally identifiable information is secure. This article explores the basic tenets of an effective cybersecurity policy, including the need for regular security assessments and an incident response plan.
By Chris Trytten
Data breaches have plagued companies for more than a decade and show no signs of abating; in fact, they increased 29 percent in 2015 compared to the prior year. The number of incidents exposing one million or more records increased 40 percent, while three mega events occurred in the third quarter of last year, each exposing more than 10 million records.
By Mark Scholl
It’s no secret that cyber threats continue to increase. The bad guys will go where the money is. But you can’t develop a cybersecurity strategy if you don’t know what you are up against. So where do you go for help to understand the evolving threats and how to mitigate them based on your risk profile?
By Jim Baird
Incident Response Plans (IRP) have been expected by banking regulators for years. But with the ever-increasing threats of cybercrime, malware, breaches, ransomware and other cyber threats, the expectations have morphed into having a far more robust, comprehensive, cyber-ready and tested IRP. Further, the Federal Financial Institutions Examination Council’s Cybersecurity Assessment Tool devotes an entire domain to the topic (Domain 5: Cyber Incident Management and Resilience).
By Charles Cheatham
Today, bankers have more technology and more technology vendors providing services and support to their banks than ever before. Using third-party vendors can allow banks to reduce risk, control costs and focus more efficiently on achieving strategic goals.
By Stephanie Chaumont
As a security consultant, I have spent time talking with management and members of the boards of directors at several institutions. And I can tell you that they run the gamut of security-mindedness and technology knowledge. I have met directors who want to know what’s going on in the IT department and are well-versed in information security and cybersecurity threats; there are others who want nothing to do with anything IT-related. But board members now have an excellent resource to improve their knowledge: Overview for Chief Executive Officers and Boards of Directors, released last year with the Federal Financial Institutions Examination Council’s Cybersecurity Assessment Tool.
By Tom Hinkel
Cybersecurity has become a topic of interest to every financial institution as regulators increase their focus on cyber risks and controls. Third-party relationships are often the weakest link in the cybersecurity chain, as a whopping 43 percent of companies had a data breach in 2014, according to Ponemon Institute. Subsequently, the release of both the Federal Financial Institutions Examination Council’s Cybersecurity Assessment Tool and the updated FFIEC Management Examination Handbook has heightened awareness of cybersecurity for the financial industry and the importance of accurate cybersecurity assessments.
By Robert Mendez
As a board member or a member of the bank’s executive team, understanding the levels of risk you’re accepting for your bank, your customers and for yourself is essential. CEOs and executives of non-banking firms, such as Target, have lost their jobs because they didn’t understand the cybersecurity risks their businesses were accepting. Bankers have additional concerns about financial risks and the penalties regulators may assess if cybersecurity risks are not being effectively managed by the board.