New York watchdog blasts cyber security at banks' third party vendors

New York watchdog blasts cyber security at banks' third party vendors

New York State's financial services watchdog is set to tighten up the rules on cyber-security standards for third party vendors working for banks after finding "significant" vulnerabilities in current relationships.

The New York State Department of Financial Services (NYDFS) surveyed 40 Wall Street banks about their relationships with third-party vendors, many of which have access to IT systems, offering a potential backdoor entrance for hackers looking to steal customer data.

Nearly a third of respondents admit that they do not require vendors to notify them if they find a cyber security breach, and fewer than half conduct any on-site assessments of their vendors.

Around one in five respondents do not require vendors to show that they have established minimum information security requirements, and only one-third of banks demand that those requirements are extended to subcontractors.

The NYDFS says that in the next few weeks it plans to push ahead with regulations strengthening cyber security standards for banks' third-party vendors, including potential measures related to the representations and warranties received about protections in place at those firms.

Superintendent Benjamin Lawsky says: "A bank's cyber security is often only as good as the cyber security of its vendors. Unfortunately, those third-party firms can provide a backdoor entrance to hackers who are seeking to steal sensitive bank customer data. We will move forward quickly, together with the banks we regulate, to address this urgent matter."

Read the full report:» Download the document now 306 kb (PDF File)

Comments: (2)

Derek Corcoran
Derek Corcoran - Avoka - Broomfield 09 April, 2015, 16:50Be the first to give this comment the thumbs up 0 likes

This is REALLY surprising.

When I look at the due diligence, information security testing and background checks on staff performed by financial companies before engaging my company Avoka, no stone is left unturned. How can this be the case? 

A Finextra member
A Finextra member 09 April, 2015, 18:05Be the first to give this comment the thumbs up 0 likes

Table chart 4, was interesting, as the usual data safegards that most banks use for themselves are not consistently applied to their 3rd party vendors. Not good.

Featured Job
All Jobs »