Nov 15, 2021

Banks outpace other industries in cyber investments, defense strategies: report

The banking industry has been very attuned to cyber risks, according to Lesley Ritter, VP and senior analyst at Moody’s. 
“They have been dealing with cyber threats for well over a decade, while at the same time being quick adopters of digital technology which has the potential of making them more vulnerable,” Ritter said via email. “This heightened awareness translates into the banking sector standing out relative to other industries in terms of investment in cybersecurity, ability to attract scarce cyber talent and broad adoption of risk mitigation practices.”
A company’s cyber risk is linked to a variety of factors, including its access to liquidity, the health of its balance sheet and its ability to adhere to sound cybersecurity practices rather than the industry it operates in, Ritter said. 
“Still, we view the banking sector as high risk in terms of cybersecurity, because of how attractive it is as a target for many different types of attackers,” Ritter said. “The sector consistently ranks at the top when it comes to the most targeted sectors, and that’s why strong, sustained investment in cybersecurity is critical.”
High-profile security incidents can also spur investment. Capital One suffered one of the biggest data breaches in the industry in 2019, when 106 million records were exposed after a malicious threat actor exploited a firewall misconfiguration.
The SolarWinds supply chain attack highlighted the risks involved when companies fail to employ due diligence with third-party vendors. The report shows 100% of banks in North America require cyber risk assessments of new vendors and periodic risk assessments of existing vendors, and require timely notification of cyber incidents and vulnerabilities that impact those vendors.
Regulators in the U.S. have taken steps to promote faster incident reporting and more proactive cyber resiliency measures among banks and other financial-related industries. 
In December 2020, the Federal Deposit Insurance Corp. and the Office of the Comptroller of the Currency proposed a 36-hour window for banks to notify regulators of a cyber incident that could materially disrupt operations. 
The New York State Department of Financial Services issued new regulations in June regarding measures that financial institutions needed to take to protect against ransomware attacks. More than 70 ransomware attacks were reported to the regulator between January 2020 and May 2021, the agency said.
