Public and private sectors agree: Investment needed in banks’ cybersecurity

The Federal Reserve (the Fed) recently announced that it will participate in a study to determine how effective the central bank is at overseeing cybersecurity practices in the financial industry. The Fed’s Office of Inspector General (OIG) will be conducting the internal audit and plans to release the findings in the fourth quarter of this year.

The announcement comes on the heels of congressional inquiry into the Fed’s security practices in light of the attempted theft of $951 million from a Federal Reserve Bank of New York account held by Bangladesh Bank, the South Asian country’s central bank. While the N.Y. Fed successfully blocked 30 transactions that would have totaled an $850 million withdrawal, five transactions totaling $101 million were successful.

The OIG study will be the first public report to detail how strictly the central bank holds the financial industry to the regulations that are in place to protect from hackers and other criminals. “The growing sophistication and volume of cybersecurity threats presents a serious risk to all financial institutions,” according to the OIG. Mary Jo White, Chair of the Securities and Exchange Commission, described attacks like the one against the N.Y. Fed as the biggest risk currently facing the financial industry.

This sentiment seems to be echoed by the private sector as well. An international survey conducted by Kaspersky Lab and B2B International found that among businesses around the globe, protection from cyberattacks ranked amongst their highest priorities. Of the 5,500 businesses surveyed, 41 percent have invested in an in-house solution for protecting their financial transactions and 45 percent use a bank-provided solution.

While the investment rate is prolific, firms’ confidence in their ability to thwart an attacker is not so widespread. The most confident sector — the telecommunications industry — reported confidence with their fraud security at a 70 percent rate.  Only 67 percent of financial institutions reported their confidence in the same. Forty-seven percent of the firms surveyed indicated that their protections needed improvement.

Looking at the financial industry specifically, 48 percent of the respondents “admitted what they do to address the problem can be described as ‘mitigation’ rather than ‘prevention.’”  One of the largest concerns for banks – (38 percent of the organizations surveyed agreed it’s a problem for them) is distinguishing an attack from normal customer activity.  

General News, Prevention