How cybersecurity systemization is changing financial institutions today
Cyberattacks have become a global epidemic. They hit organizations, critical infrastructure, and governments around the world with well-timed, sophisticated campaigns. The ransomware outbreaks Petya (NotPetya) and WannaCry are recent examples: each temporarily halted some of the world's most critical functions, from hospitals to shipping and manufacturing.
Another example was the Equifax data breach, which exposed the personal data of about 143 million Americans. Given how persistent these attacks are, one widely cited industry forecast puts the annual cost of cybercrime at $6 trillion by 2021.
What’s Behind Cybercriminal Activity Today
Most cybercriminals are financially motivated. Ransomware operators target critical infrastructure and healthcare organizations and hold their data hostage until a ransom is paid. Others steal personally identifiable information (PII), including financial records, and sell it on dark-web markets, where buyers use it for identity theft and tax fraud. The effects are long-lasting: a stolen name, date of birth, or Social Security number cannot be rotated like a password, and tracking its misuse after a breach is difficult.
There is no end to these attacks and breaches in sight. CSO Online notes that organizations are finally coming to terms with the fact that nobody is immune to modern cyberattacks. Even so, a great deal can be done to protect critical resources and market sectors, and that is why new regulations are being introduced across Europe, Asia, the UK, and the US. They do not guarantee security, but they set a floor of required controls and make the protection of valuable data an enforceable obligation.
Recent Cybersecurity Regulations
Financial services firms that operate globally need to be aware of new cybersecurity regulations and how they are affected by them. That is the only way to navigate the data rules and remain compliant, especially when conducting business across borders. Compliance cannot be overlooked, since the penalty for noncompliance is typically a large fine. With this in mind, here are some of the most recently proposed or implemented cybersecurity regulations affecting the financial services sector:
- China's Cybersecurity Law places additional requirements on network and system security and aims to align the country with industry and global cybersecurity standards. It directly affects financial services because the sector is designated critical information infrastructure (CII), meaning infrastructure whose compromise would endanger national security or public welfare. Operators must support authorities' requests for data and technical assistance, demonstrate that their IT infrastructure meets specified requirements, and pass the standard cybersecurity tests and certifications. Personal information and important data collected or generated within China must be stored on servers inside the country and may only be transferred abroad after a security assessment and with permission. Failure to comply and implement the required measures can result in fines of up to 1 million yuan (just over $150,000 USD) and, in serious cases, criminal charges.
- Singapore is working on a new Cybersecurity Bill that still needs to pass through Parliament. It resembles China's law in giving the state greater visibility and authority over how CII is operated and how its data is used, processed, and stored. Owners of designated CII, which includes financial services, must report cybersecurity incidents and material changes to system design, configuration, or security to the Commissioner of Cybersecurity. Noncompliance can result in fines of up to $100,000 or up to 10 years' imprisonment.
- The European Union's General Data Protection Regulation (GDPR), which applies from 25 May 2018, aims to put European citizens back in charge of their data. Where a business relies on consent to process personal data, that consent must be freely given, specific, informed, and unambiguous, and individuals can withdraw it at any time; they can also request that their data be transferred to another organization (data portability). The regulation also grants the "Right to be Forgotten", under which individuals can have their data erased, and the right to restrict or object to processing. It applies not only to organizations in Europe but to any organization, wherever it is located, that processes or stores data on people in the EU. Noncompliance can result in fines in two tiers, depending on the seriousness of the infringement: up to €10 million or 2 percent of worldwide annual turnover, or up to €20 million or 4 percent, in each case whichever is higher.
- The United Kingdom will apply the same rules even though it is leaving the European Union, with some derogations of its own, notably for journalism and scientific research.
- The United States is also becoming increasingly focused on cybersecurity at both the state and federal level. The New York Department of Financial Services' (DFS) cybersecurity regulation, 23 NYCRR 500, requires DFS-regulated entities (banks, insurers, and other licensed financial firms, not banks alone) to notify the superintendent within 72 hours of any cybersecurity event that has a reasonable likelihood of materially harming normal operations or that must be reported to another regulator, which includes disruptions caused by ransomware or DDoS attacks. Covered entities must also maintain a cybersecurity program and written policy based on a risk assessment, designate a Chief Information Security Officer (CISO) to oversee it, and certify their compliance to DFS annually.
Maintaining Compliance Around the World
Noncompliance with these new regulations carries heavy financial and business consequences. Financial services firms need to review each regulation to determine how their organization is affected and what compliance requires of them. No single product, antivirus included, keeps data safe from every kind of breach; each law expects a layered program of controls. The specific measures differ from law to law, but most of them (access control, encryption, monitoring, incident response, and vendor oversight) are valuable regardless of which regulator is asking.
Conducting a cyber threat assessment (CTA) gives a financial services firm an in-depth look at the security controls it already has in place and at the areas where it remains exposed. That is the basis for prioritizing remediation and for demonstrating to regulators that security and compliance are being treated as priorities.
Financial services firms also need to take an architectural approach to security, one that gives them visibility into their data across distributed environments. Regulations continue to grow, and they increasingly require data to be made available to consumers and regulators in a timely fashion, as with GDPR's access and portability rights or the DFS 72-hour notification window. Meeting both demands depends on knowing where data lives and who handles it, so IT and security infrastructure must adapt to make that visibility the norm.
Peter Davidson works as a senior business associate helping brands and start-ups to make efficient business decisions and plan proper business strategies. He is a big gadget freak who loves to share his views on the latest technologies and applications.