Banks Must Tighten Security for Their Vendors

April 9, 2015

Wall Street banks and other financial institutions need further strengthening of their cyber security measures.

A survey of 40 banks by the New York Department of Financial Services found that nearly one in three don't require third-party vendors to alert them about information security breaches or other cyber security intrusions. In other findings, the seven-page report said:

• Fewer than half of the banks surveyed said they conduct any on-site assessments of third-party vendors.

• Roughly one in five banks don't conduct on-site assessments of the service providers.

• One-third of the institutions surveyed don't require third-party vendors to mandate similar cyber security requirements on their own subcontractors.

Additionally, U.S. branches of foreign banks questioned in the survey instituted some tougher cyber security requirements than domestic counterparts, said USA Today. According to the survey, the foreign banks required multi-factor authentication — a process that involves more safeguards than a computer password — "much more than large or small domestic institutions."

The NY Department of Financial Services, says USA Today, is conducting a similar review of cyber security precautions by third-party vendors of the insurance firms it oversees. The results of the surveys will be used to craft rules to guard against electronic breaches that could potentially harm millions of banking and insurance clients.

http://www.usatoday.com/story/money/2015/04/09/bank-cybersecurity-threats/25517905/

Ransomware and the propulsion of the extortion economy has rapidly eclipsed into a national priority. Recently, we observed the catastrophic impact of a widescale ransomware attack impacting gas pipelines and raising national gas prices overnight.