Is the Government the Weak Link in the Financial Sector’s Security Efforts?

After cautioning the financial sector about the critical threat hackers pose, the SEC is facing something of an ironic turn of events. The agency, along with the Commodity Futures Trade Commission, is increasing demands for data from financial organizations, for the purpose of closer monitoring. Financial firms and industry trade groups, however, have responded with deep concern about the agencies’ ability to safeguard sensitive data from hackers.

Industry critics have speculated that financial firms are using cyber security as an excuse to avoid expensive new reporting requirements. But incidents substantiating the worries aren’t hard to find. In the past year, regulatory agencies and federal government offices have experienced several high-impact data breaches that could understandably erode trust from the private sector.

Late in October, the Office of Comptroller of Currency disclosed that a former employee had taken approximately 10,000 records, without authorization, using a pair of portable thumb drives. A few months prior to that, a House committee uncovered a systems breach at the FDIC, involving 10 servers and 12 workstations affected by malware. Alarmingly, this event went unreported at the time.

Although more than a year has passed since the disastrous breach at the Office of Personnel Management, that event also remains a significant blight on the federal government’s data privacy record. And compounding the concern, industry trade groups say the SEC has offered few details on how it has developed its cyber security capabilities in line with the increased data volume it will receive.

Thus far, opposition to regulators’ new requirements, on grounds of cyber security concern, has had some success in slowing the progress of demands. The agencies, however, remain steadfast in their goals, and finance organizations will undoubtedly be tasked with sharing larger volumes of sensitive data in the coming months.

As such, it’s imperative that financial firms take measures in their own cyber security efforts to protect the safety of the data they share with third parties. Beyond simply checking off requirements, compliance programs should position firms to identify, protect, detect, resolve and respond to threats at any point in their data sharing. For those organizations with limited internal resources, a managed security program may be the best option for effective monitoring and reporting. Finally, vulnerability assessments should account for integrations with third-party systems to find any weaknesses.

Gotham Security specializes in tailored cyber security solutions to meet the needs of financial firms, and we can help ready your organization for secure data sharing. For more information on the services we provide, contact us at or 917.734.4120.