11 December 2017
visit www.solutions.lexisnexis.com

New York to step up assessment of bank cyber-security plans

08 May 2014  |  10982 views  |  0 New York Skyline 2

New York's banks will face new cybersecurity assessments carried out by the Department of Financial Services (DFS), under plans unveiled by Governor Andrew Cuomo.

The decision comes after the DFS published a report on cyber-security in the banking sector, which has seen a steep rise in attacks - from crooks, hacktavists and nation states - over the last couple of years.

The assessments will be part of the regular DFS examination process, and include additional questions in the areas of IT management and governance, incident response and event management, access controls, network security, vendor management, and disaster recovery.

Says Cuomo: "With today's growing cyber threats we need to make sure New Yorkers' finances are protected from online predators. Targeted cyber security assessments for banks will better safeguard financial institutions from attacks and secure personal bank records from being breached."

The report (PDF), based on a survey of 154 institutions, shows that most have experienced intrusions or attempted intrusions over the last three years. Malware has hit 22% of respondents, phishing 21% and pharming seven per cent.

Crooks most commonly use intrusions for account takeovers, although ID theft, telco network disruptions and third party payment processor breaches are also common. Around 15% of large banks also say they've suffered mobile banking exploitation.

Nearly 90% have an information security framework in place to tackle these threats, although plans are less well developed at small banks. Irrespective of size, the vast majority of those quizzed use security technologies such as anti-virus software, firewalls, server-based access control lists, intrusion detection tools, and encryption.

Most large banks use public key infrastructure systems but few smaller firms use the technology, while biometrics is still a rarity across the board. Only around a quarter have policies and procedures in place to mitigate risks associated with cloud computing.

More than three quarters of respondents have seen their information security budget increase over the last three years and a similar percentage expect another bump in the next three years. Compliance and regulatory requirements is cited as the main reason for increasing spending, followed by business continuity and reputational risk.

Superintendent of Financial Services Benjamin Lawsky says: "The fact that so much of our financial lives are spent online makes banks increasingly tempting targets for cyber attacks. Hackers spend day and night trying to think up new ways to steal consumers' personal information and disrupt our nation's financial markets, and it's more important than ever that we rise to meet that challenge."

Comments: (0)

Comment on this story (membership required)

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board: sign up now

Related stories

Watchdog criticises SEC cybersecurity

Watchdog criticises SEC cybersecurity

22 April 2014  |  5218 views  |  0 comments | 6 tweets | 3 linkedin
SEC to conduct market-wide cyber-security checks

SEC to conduct market-wide cyber-security checks

16 April 2014  |  6071 views  |  0 comments | 3 tweets | 3 linkedin
As cyber threat grows, EU regulators warn FS firms on IT budgets

As cyber threat grows, EU regulators warn FS firms on IT budgets

03 April 2014  |  6786 views  |  0 comments | 9 tweets | 2 linkedin
Visa and MasterCard launch cross-industry effort to push US adoption of EMV

Visa and MasterCard launch cross-industry effort to push US adoption of EMV

07 March 2014  |  11541 views  |  4 comments | 20 tweets | 19 linkedin
FS firms hardest hit by cybercrime - PwC

FS firms hardest hit by cybercrime - PwC

05 March 2014  |  5416 views  |  1 comments | 8 tweets | 3 linkedin
Hacked Target hastens migration to chip cards

Hacked Target hastens migration to chip cards

05 February 2014  |  6804 views  |  0 comments | 4 tweets | 9 linkedin
Exchange group sets up cyber-security committee

Exchange group sets up cyber-security committee

12 December 2013  |  6805 views  |  0 comments | 4 tweets | 4 linkedin
Five more arrests made in $45 million ATM cyberheist

Five more arrests made in $45 million ATM cyberheist

19 November 2013  |  4324 views  |  0 comments | 4 tweets | 5 linkedin
Hacktivists suspend bank DDoS campaign

Hacktivists suspend bank DDoS campaign

29 January 2013  |  6374 views  |  0 comments | 2 tweets

Related blogs

Create a blog about this story (membership required)
visit www.aciworldwide.comvisit http://info.nice.comvisit www.response.ncr.com

Top topics

Most viewed Most shared
Revolut lets customers buy Bitcoin, Litecoin and EthereumRevolut lets customers buy Bitcoin, Liteco...
18064 views comments | 26 tweets | 22 linkedin
Saxo Bank's 'Outrageous Prediction': Bitcoin to peak at $60k next year before spectacular crashSaxo Bank's 'Outrageous Prediction': Bitco...
11024 views comments | 7 tweets | 6 linkedin
Deutsche Bank paper hails 'huge' blockchain potentialDeutsche Bank paper hails 'huge' blockchai...
6599 views comments | 13 tweets | 20 linkedin
Santander UK poaches Barclays innovation chief Michael HarteSantander UK poaches Barclays innovation c...
6410 views comments | 8 tweets | 17 linkedin
Barclays, First Direct and Nationwide join FCA sandbox cohortBarclays, First Direct and Nationwide join...
5816 views comments | 5 tweets | 12 linkedin

Featured job

Competitive base + commission + benefits
New York City, NY - USA

Find your next job