Cybersecurity standards for financial services providers are gaining more backing from regulators as threats from cyberattacks continue to rise.
According to the Identity Theft Resource Center (ITRC), the number of data breaches in the financial services sector doubled between 2014 and 2015. As of early September, there were another 21 reported breaches, with at least 5,200 records exposed — and those are only the known exposures. ITRC lists “unknown” for the number of records exposed for most of this year’s breaches.
It’s the pervasiveness of these types of threats that prompted the New York State Department of Financial Services (DFS) to propose cybersecurity standards for financial services companies, which, according to the Insurance Journal, is the first proposed regulation of its kind in the U.S. These standards require financial services institutions to “establish and maintain a cybersecurity program designed to protect consumers and ensure safety within New York’s financial services industry.”
The Financial Stability Oversight Council consistently lists cybersecurity as one of the leading threats to financial stability. But because regulators have been slow to adopt national standards, the Federal Financial Institutions Examination Council (FFIEC) is taking steps to elevate awareness.
Workplace Mobility Raises Further Concerns
The rise in workplace mobility must be addressed in every cybersecurity program, as mobile apps are increasingly popular among both consumers and employees, and are advocated by many consultants as part of financial institutions’ “mobile first” strategies. A recent article in The Financial Brand even went a step further, calling for financial institutions to consider a “mobile only” design, arguing that a mobile first design may soon be a subpar strategy.
Earlier this year, the FFIEC issued new guidance highlighting mobile banking risks. Appendix E of the FFIEC IT Examination Handbook InfoBase stresses the importance of financial services firms knowing and understanding the potential threats of mobile banking apps, as well as the risks associated with their own mobile infrastructures.
Other security threats arise from employee browsing or fake app stores, which can install malware or steal mobile banking credentials and developer certificates from legitimate app stores. To combat these threats, organizations should educate employees about the problems with rogue app stores, ensure they deploy a strong device security platform such as Samsung Knox, and separate personal and business applications to provide additional protection against the growing number of cyberthreats.
To combat cybersecurity threats, mobile data protection is crucial. Samsung Knox provides a multilayered security platform from the hardware to the application layer, protecting the integrity of the entire device.