Regulators intensifying cybersecurity warnings for financial institutions
September 30, 2014

Data breaches have reached somewhat epic proportions in the past several years, with tens of millions of individuals being impacted by just one event at a time, and many more when looking at the full range of damages. For example, the two breaches that struck the retail sector in the past year – Target and Home Depot – impacted more than 90 million Americans, and the numbers are still at risk of rising given how quickly the card information is making the rounds. 

However, in spite of all the evidence stacking up against the use of traditional credentials and access management controls, financial institutions, retailers and payment processors have not yet fully overhauled their tactics to prevent breaches such as these. So long as the same mistakes continue to be made, there is little hope that data breach and, more importantly, identity theft will begin to slow down with respect to economic damages and individuals impacted. 

Now, regulators are working to ensure that decision-makers in financial institutions fully understand the gravity of the situation, as well as what their responsibilities are by way of fortifications and other security improvements. Banks cannot wait by and simply hope that they are not impacted by a major information exposure event – steps must be taken to prevent these types of occurrences proactively and comprehensively for the integrity of corporate and consumer wellness. 

Focus turns to security
Reuters recently reported that Benjamin Lawsky, the acting superintendent of the Department of Financial Services in New York, took the time to notify members of the state’s financial system that his agency will be more aggressively turning the focus toward cybersecurity in the coming years. This type of leadership is so critical in the modern era, as studies have indicated that a wealth of businesses are still not answering the call for greater improvements in the access management arena. 

According to the news provider, Lawsky is a bit more concerned about an even more significant act of what he calls “cyberterrorism” impacting the financial health of New York State and other jurisdictions. Still, one could quickly become confused by some of the rhetoric Lawsky used in his statements, as the source pointed out that he is concerned about a major event leading to chills down regulators’ and financial institutions’ spines. 

In a word, this has already occurred over and over again. If the TJX breach back in 2007 did not send shivers down financial institutions’ spines, then the Target breach certainly should have. Going a step further, Home Depot lost the personal information of more than 50 million consumers just a month ago, so one can only ask why regulators believe that the problem has not already come to a head?

Something wicked this way comes
Without being overly apocalyptic, there is a chance that hackers will be able to cause an even more devastating data breach that, even by today’s standards, would be considered as unprecedented. Advanced persistent threats are one group of risks that could some day evolve to the level of knocking out entire financial systems, though this is certainly not an ideal that many would be able to believe today. 

With all of that said, one of the more important aspects of comprehensive financial system security against hacking is each institution taking responsibility for its own actions. Those banks that leverage more advanced dynamic authentication solutions to overhaul their credential management systems will likely be doing themselves, their clientele and their peers a service in more ways than one.