Cybersecurity is ‘Top of Mind’ For FinServ
Cybersecurity is “top of mind” for the financial services industry as regulators have focused on the issue and attacks have increased in number and sophistication according to David Murray, chief business development officer at Corvil, which provides real-time data analytics for networks.
In June the European Union approved adoption of the first EU-wide rules on cybersecurity by ratifying the Directive on Security of Network and Information Systems, or NIS Directive. The European Commission said at least 80% of European companies have experienced at least one cybersecurity incident over the last year and the number of security incidents across all industries worldwide rose by 38% in 2015.
Rachel Lindstrom, senior consultant at capital markets consultancy GreySpark, said in a statement in June: “Cybersecurity for financial institutions must evolve as fast as the technology and techniques used to breach their defences. Organisations need to have a holistic view of their structure and its vulnerabilities, understanding the limitations of each of the security technologies they deploy.”
The consultancy added that vulnerabilities include network entry points, vendors and client networks as well as wireless LANs and mobile devices. “Going forward, the lack of a cybersecurity plan will not be tolerated by many regulators,” said the report.
Corvil said today it has partnered with Carbon Black to allow businesses to detect malicious activity in real-time, as well as track and disable attacks with greater accuracy.
“Carbon Black have secured a leading position for endpoint security including mobile devices and laptops, which is complementary to our network business,” added Murray. “They also have similar views to Corvil on enabling open access to data and providing granularity.”
The integration also aims to enable customers to rapidly prioritize alerts and reduce false positives and manual investigations. Corvil said that by correlating malicious traffic and cross-device user activity with originating processes and specific files accessed, security teams can more rapidly identify and investigate threats.
Tom Barsi, senior vice president of business development for Carbon Black, said in a statement: “By integrating our similar capabilities across network and endpoint, security teams have a more powerful and flexible solution at their disposal to detect and combat a broad array of internal and external cyber threats.”
In June the Committee on Payments and Market Infrastructures and the Board of the International Organization of Securities Commissions also realised their final report on cyber resilience for financial market infrastructures.
CPMI-IOSCO said this was the first internationally agreed guidance on cyber security for the financial industry number of attacks have risen and are becoming increasingly sophisticated.
Ashley Alder, chairman of IOSCO, said in a statement: “Implementation of the guidance represents an important step in strengthening the cyber resilience of FMIs and the ecosystem within which they operate.”
Alder added that the level of cyber resilience, which contributes to an FMI’s operational resilience, can be a decisive factor in the overall resilience of the financial system and the broader economy.
In the US today New York’s Department of Financial Services proposed new rules requiring banks and insurance companies to establish cybersecurity programs and designate an internal cybersecurity officer.
Maria Vullo, New York State Department of Financial Services superintendent, said in a statement: “DFS designed this groundbreaking proposed regulation on current principles and has built-in the flexibility necessary to ensure that institutions can efficiently adapt to continued innovations and work to reduce vulnerabilities in their existing cybersecurity programs. Regulated entities will be held accountable and must annually certify compliance with this regulation by assessing their specific risk profiles and designing programs that vigorously address those risks.”
Dechert, the law firm, said in a report that us regulators including the SEC and CFTC are devoting significant attention and resources to cyber threats.
“The Craig Scott Capital Order highlights a regulatory risk that firms could face if they rely on “form” or outdated policies to comply with the Safeguards Rule, rather than building a program contoured to the specifics each firm may face in the course of its business,” added Dechert.
More on cybersecurity:
COVID-19 pandemic and geopolitical tensions round out the top three threats in DTCC survey.
The Australian regulator concluded its investigation into the ASX equity market outage in November 2020.
Quantum Dawn VI tested over 900 participants' responses to a simulated ransomware event.
There is no standard approach to identify data that needs to be protected.
The new unit will employ up to 400 high value, experienced and graduate level roles.