Recent Regulatory Focus on Cybersecurity Fuels Financial Controls

By Joe Holman, Orangefield Columbus CEO


Recent regulatory focus on cybersecurity has placed a spotlight on the security of financial data
and fueled conversations to bolster cyber controls of outside vendors that support these
businesses. Concerns have emerged among managers, financial institutions, third-party
providers and regulators that more work is required to safeguard companies from malicious
cyber-attacks, especially given recent commentary from investigators that attacks on corporate
targets often occur up to 18 months before they are discovered (source).

The Securities Industry and Financial Markets Association’s (SIFMA) recent call to arms for U.S.
financial firms and regulators to join forces and create a system for sharing information on
cyberattacks in order to mitigate future threats is a step in the right direction. However, financial
organizations must understand what data is most valuable to attackers, their greatest points of
vulnerability and the solutions available to solidify their operations.


Cybersecurity Challenges

In April, the Securities and Exchange Commission (SEC) issued a checklist that was intended to
help firms review their controls to combat cyberattacks. In July, the U.S. Department of the
Treasury’s Financial Crimes Enforcement Network (FinCEN) issued a notice on pending
regulations around Customer Due Diligence Requirements for Financial Institutions.

And now New York State’s top financial regulator, Benjamin M. Lawsky, has requested that a dozen
banks provide their policies and procedures for governing relationships with third-party providers
and outline their due diligence processes.

With this increased scrutiny from U.S. regulatory bodies, a sense of urgency has developed
among firms, particularly within the asset management and fund management spaces, to put in
place sufficient and proper controls to detect and prevent data breaches.

In a recent whitepaper from the Depository Trust & Clearing Corporation (DTCC), only 84% of
respondents in financial services identified cyber risk as one of their top five concerns despite
evidence from a survey by Kaspersky Lab and B2B International that indicated 93% of global
financial services organizations experienced various cyber threats between April 2013 and May
2014.

Some firms, however, are failing to take precautions toward data protection. In some instances,
basic and essential safeguards that should not be neglected fall by the wayside: some firms do not obtain


13 Cyber Warnings E-Magazine – November 2014 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
