Earlier this month the FDIC published a Winter 2016 special edition of its FDIC Consumer News entitled "A Bank Customer's Guide to Cybersecurity.”
Your bank's board has responsibility for vendor management
The FDIC released a video today that is designed to assist community bank directors and executive management in developing a comprehensive risk assessment program for vendor management.
You’ve probably heard about the successful cyber extortion of a hospital in Hollywood, California. Hackers cracked into the hospital’s database and then electronically locked up the hospital’s systems with malware. The hospital had to pay the extortionists a $17,000 ransom in bitcoins to regain access to the hospital’s own data.
These attacks are also hitting banks; however, due to the huge reputational risk banks face you are not likely to hear about them. The FFIEC has previously warned banks to protect themselves from extortion by computer attacks such as this.
A bank’s information security risks include not just regulatory risk, but also financial risk (from unauthorized transactions arising from data breaches), reputation risk (loss of customers’ trust and loss of business) and business continuity risk (system failure destruction or corruption of data, or unavailability of electronic information because of hackers, disasters or other business interruptions).
Banking regulators do not discourage outsourcing, and in many cases strongly encourage it, if a bank can obtain better services than it can provide internally and the bank maintains proper supervision over the outsourced vendor’s activities.
Increasingly, many banks are using technology as a key factor to increase their capabilities - to enhance employee efficiency, to expand financial services provided to customers and to establish a strong foundation for growth. But at other banks, technology is a strategic weakness: It hampers employees’ ability to serve customers, causes regulatory criticism of the bank and even exposes the bank to major financial risk and reputation risk if customers’ information is vulnerable to access by Internet hackers.
Banks choose BankOnIT’s Bankers Private Cloud® to increase security and to improve efficiency and reliability. Bankers Private Cloud® client banks have reduced risks and gain more advantages than they have on their own while reducing the amount of time required to manage IT.
There are many reasons why bankers choose the Bankers Private Cloud®. What are your reasons?
State banking departments across the country have partnered with the Conference of State Bank Supervisors and worked to bring in top regulatory, law enforcement and cybersecurity experts to banking seminars.
All of these seminars have held a similar message:
Cybersecurity attacks are becoming more frequent. Attacks are more complex, and C-level executives and the board of directors must be aware of what their cybersecurity risks are and how they are managing those risks.
Two comments have been particularly noteworthy:
Over the last few months, hundreds of bank senior executives from across the United States have attended Executive Briefing on Cybersecurity seminars. One of the strongest comments consistently made by the banking commissioners was about the need to have CEOs, Presidents and Board of Director involvement in managing IT risk. State and federal regulators are all delivering the same message: Technology risk is not just an IT problem, but a board-level risk-management problem.
Technology continues to progress at a rapid pace, which creates increased opportunities for banks to better meet their customers’ needs. Along with these opportunities in technological advances, significant increases in cybersecurity risks for banks and their customers are also occurring due to the amount and rapid pace of technological changes. New technology opens doors that become gateways for new risks, which means as a banker you need to take more precautions than ever before to stay ahead of the cybersecurity curve.