Earlier this month, amidst the uproar about the Sony data breach and the chaos of the holiday shopping season, one set of financial regulators took steps to increase the oversight of cybersecurity practices within the industry.
In mid-December, Benjamin Lawsky, superintendent of New York's State Department of Financial Services (DFS), released a set of new guidelines for banks on how cybersecurity practices will be evaluated in the future. The new requirements pertain to all chartered or licensed banking institutions in New York and will take a closer look at those organizations' cybersecurity corporate governance practices, cyberattack defenses, dedicated information security resources, data breach detection abilities and management of third-party service providers, as well as other factors.
As part of the new review process, DFS will conduct separate cybersecurity and overall risk assessments in order to gauge how vulnerable each institution is to collapse due to a cyberthreat. The guidelines also instruct supervisors to include more questions about cybersecurity in the information technology exam required of each organization.
The exam will cover topics such as, "how companies detect and defend against cyber intrusions; how cybersecurity personnel are managed; what type of cybersecurity training employees receive; whether companies have cybersecurity insurance; how secure third-party vendors are," The Hill reported.
In a statement on the new guidelines, Lawsky noted that hacking could have serious effects on consumers' financial lives and could wreak havoc on the economy and financial markets.
At the same time as Lawsky announced he would be increasing cybersecurity oversight within his organization, Commodity Futures Trading Commission (CFTC) chairman Timothy Massad said during a Senate hearing that cybersecurity is a main focus of his agency's examinations. The CFTC reviews evidence provided by institutions to prove they've satisfied industry requirements. Currently, the CFTC requires financial organizations to implement system safeguards and information security risk management programs, and to provide prompt notification in the event of a network intrusion.
During a separate hearing before the Senate's Committee on Banking, Housing and Urban Affairs, officials from numerous federal agencies – including the FBI, the Secret Service, the Department of the Treasury and the Department of Homeland Security – testified that the financial sector faces increasingly complex cyberthreats that are organized and persistent in nature. As such, the officials promised to work with industry organizations in order to reduce the risks to the sector.
Financial organizations employing advanced security solutions
In an effort to increase the protection of privileged information, many financial institutions have begun to implement big data security solutions to more effectively detect network intrusions. Security information and event management services are one such tool. SIEM solutions employ big data analytics to monitor the vast amount of information created by banks and other financial firms in order to detect suspicious behavior that may suggest a data breach.
Big data security programs record network event activity in real time, providing organizations with actionable threat information that can be used to create a more robust security policy. SIEM services are able to prioritize event information, focusing on serious security activity and ignoring random anomalies that don't pose a threat.