Interest in Cyber Security of Financial Services Firms Continues to Increase
| As news of data breaches continue to mount, federal and state regulators are becoming increasingly interested in the steps companies are taking to secure the information entrusted to them by consumers as well as other companies. This year we have seen an increased focus on the financial services sector, which suffered large losses in the wake of the data breach at Target. This was then followed by data breaches at Neiman Marcus, Michaels, PF Changs, among many many others. | 
|
Some of the recent examples include:FFIEC - The Federal Financial Institutions Examination Council has launched a pilot program to assess the cyber security preparedness of 500 community banks. This announcement coincides with the launching of a web page on June 24, 2014 on cyber security, which is meant to serve as "a central repository for current and future FFIEC-related materials on cyber security."
As the FFIEC explains, "Regulators are particularly focusing on risk
management and oversight, threat intelligence and collaboration,
cyber security controls, service provider and vendor risk management, and
cyber incident management and resilience."[1]
New York Department of Financial Services - In May 2014, the New York Department of Financial Services (NYDFS) issued a "Report on Cyber Security in the Banking Sector."
The Report notes that, "Although large-scale denial-of-services attacks
against major financial institutions generate the most headlines,
community and regional banks, credit unions, money transmitters, and
third-party service providers (such as credit card and payment
processors) have experienced attempted breaches in recent years."[3] After conducting a preliminary survey of 154 financial services institutions in 2013, the Department now "plans to expand its IT examination procedures to focus more fully on cyber security." These "revised
examination procedures will include additional questions in the areas
of IT management and governance, incident response and event management,
access controls, network security, vendor management, and disaster
recovery." Those providing services to these entities should also expect to see more questions regarding cyber security now that regulators are becoming more interested in vendor practices.
- SEC - Cyber security has been a focal point at the Securities and Exchange Commission for a few years. But, the SEC's Office of Compliance Inspections and Examinations announced in a Risk Alert on April 15, 2014 that it is undertaking cyber security examinations of more than 50 registered broker-dealers and registered investment advisers.[2] The OCIE will be focusing on the entity’s cyber security governance, identification and assessment of cyber security risks, protection of networks and information, risks associated with remote customer access and funds transfer requests, risks associated with vendors and other third parties, detection of unauthorized activity, and experiences with certain cyber security threats.
---------------------------------------[1] Press Release, FFEIC, FFIEC Launches Cybersecurity Web Page, Promotes Awareness of Cybersecurity Activities, June 24, 2014, https://www.ffiec.gov/press/pr062414.htm.[2] SEC, National Exam Program Risk Alert, Vol. IV, Iss. 2 (April 15, 2014), https://www.sec.gov/ocie/announcement/Cybersecurity+Risk+Alert++%2526+Appendix+-+4.15.14.pdf. [3] NY State Department of Financial Services, Report on Cyber Security in the Banking Sector (May 2014), https://www.dfs.ny.gov/about/press2014/pr140505_cyber_security.pdf. ---------------------------------------Posted by Tatiana Melnik on August 8, 2014
|
April 2024
| Su | Mo | Tu | We | Th | Fr | Sa |
| 1 | 2 | 3 | 4 | 5 | 6 |
| 7 | 8 | 9 | 10 | 11 | 12 | 13 |
| 14 | 15 | 16 | 17 | 18 | 19 | 20 |
| 21 | 22 | 23 | 24 | 25 | 26 | 27 |
| 28 | 29 | 30 |
|
Blog Home
Newest Blog Entries
7/23/15 Hospital Settles with OCR for $ 218,400 Over Cloud-Based File Sharing
6/8/15 Two California Privacy Bills to Watch in 2015
3/28/15 When Looking at Security, Consider Every Device
3/9/15 Alabama Board of Optometry Makes Final a Rule on Telemedicine
1/25/15 Indiana Court of Appeals Upholds $1.44 Million Jury Verdict Against Walgreen Co. in a Privacy Breach Case; Denies Rehearing
12/9/14 Malware Leads to a $150,000 OCR Settlement with a Behavioral Health Provider
11/30/14 Can a Board of Medicine Use the State’s Prescription Drug Database in Investigating Physician Actions?
11/29/14 Under the Florida Telemedicine Rule, Can a Physical be Conducted by Telemedicine?
11/19/14 Wearables and the Challenge for Consumer Device Makers
10/28/14 A Few Telemedicine Resources
10/27/14 FCC: The Newest Regulator to Throw its Hat into the Data Privacy and Security Ring
Blog Archives
May 2014 (6)
December 2014 (1)
January 2014 (4)
October 2014 (2)
October 2013 (9)
November 2014 (3)
March 2015 (2)
February 2014 (4)
April 2014 (6)
November 2013 (3)
July 2014 (1)
August 2014 (4)
July 2015 (1)
March 2014 (3)
December 2013 (5)
September 2014 (1)
June 2014 (3)
January 2015 (1)
June 2015 (1)
Blog Labels
FAQ (6)
Privacy Litigation (3)
FCC (1)
Mobile Apps FDA (2)
Healthcare Fraud (1)
Data Breach (10)
Privacy (4)
Healthcare Competition (1)
Telemedicine (7)
Social Media (2)
Identity Theft (1)
Financial Services (1)
Marketing (1)
Employment (1)
Mobile Apps (2)
BYOD (2)
EHR (2)
Big Data (3)
Security (1)
HIPAA (3)
Meaningful Use (4)
Dental (1)
Medical Marijuana (1)
|
