Thursday, Dec 7, 2023

Four Approaches to Handling Cyber Security in Financial Services

The U.K. regulators have urged firms to improve their resilience to cyber-attacks. The Prudential Regulation Authority and the Financial Conduct Authority (FCA) have been vocal about protecting consumers and market integrity. The regulatory bodies view cyber-attacks through their objectives to ensure financial stability. Here, we will look at four of the most common approaches to cyber security in financial services.

Multifactor authentication

An important part of any information security strategy is verifying that a person requesting access to certain types of personal and financial information is the customer they claim to be. This section discusses that piece of financial services cyber security: authentication.

A strong multifactor authentication method requires customers to provide something that an attacker who has stolen their password does not have, such as a physical key fob or an app installed on their phone. Banks should use multifactor authentication to protect customer information and prevent breaches. Multifactor authentication is not always effective and can incur significant I.T. costs, but it dramatically reduces the risk posed by breaches of user credentials. Organizations need to implement it, because the added layer of protection limits the ripple effect of a compromised password.

Cross-sector exchange

Cybersecurity is a global issue and cross-sector collaboration is essential to address the complexities. While the financial sector is global, the response to major crises and cyber events is often national. To address the complexities of cyberspace, the G-20 and the Financial Stability Board are working on a common lexicon for financial stability risk management. As a result, these organizations will be able to better communicate and collaborate among financial services sectors to improve cyber safety and resilience.

The financial services industry has developed a set of best practices for implementing good cybersecurity. The Financial Services Sector Coordinating Council, or FSSCC, is a nonprofit organization made up of 70 of the world's major financial companies, together with industry groups, credit unions, exchanges, and financial utilities. Ultimately, the FSSCC seeks to improve the financial services sector's resiliency and strengthen the public-private partnership, including industry-government relationships.

Reporting of incidents

The new rules for reporting cybersecurity incidents require financial services providers to notify their primary Federal regulator when a breach involves computer systems or information. These incidents vary but typically include a hacking incident or a large-scale distributed denial of service attack that disrupts customer access to accounts. The reporting requirements are designed to give the primary Federal regulator early warning of emerging cyber security risks.

Depending on the nature of the cybersecurity incident, a financial services organization may be required to report the breach to federal agencies or independent regulators within 36 hours. Banking organizations must report any significant cyber incidents within 72 hours and may be required to notify affected consumers if ransomware has been detected. In addition, the rule requires covered entities to report cyber incidents within 24 hours if the breach is known to have resulted in material harm to the company.

Internal disclosure system

Incorporating effective cyber security in financial services is becoming increasingly important as more data breaches occur daily. As such, firms are required to implement comprehensive information security programs. In addition, the U.S. Federal Reserve and state regulators have released statements outlining the necessary elements of effective cyber security programs and are closely reviewing firms’ compliance with these rules. Firms face significant risks and repercussions without effective information security programs, including administrative enforcement action and examination criticism.

First American Financial has already experienced a massive data breach and subsequently paid a $35 million penalty to settle the SEC's enforcement action relating to its insufficient cybersecurity disclosures. In addition, a recent cyberattack on another major financial services firm revealed a system vulnerability that exposed 800 million image files containing financial information and Social Security numbers.