From our Partner Hexis Cyber Solutions
In 2015, financial institutions can expect to have their cybersecurity practices put to the test in every sense of the word. Bank cyberdefenses will be tested not only by the highly evolved insider and outsider threats that are constantly working to breach financial networks, but also by the regulatory exams to which the New York Department of Financial Services will subject them.
To this end, the NYDFS recently announced that its New Cybersecurity Examination Process for the banks under its jurisdiction will require all of the relevant institutions to undergo a rigorous cybersecurity exam to ensure they are at the forefront of network security, The National Law Review reported.
Turbulent 2014 leads to increased emphasis on financial institution cybersecurity
The NYDFS exam comes after a year in which several banks and financial institutions found their networks compromised by attackers looking to steal extremely sensitive financial information and intellectual property. The regulatory body imposes exams on other areas of financial and banking operations, but 2015 will be the first year where a separate exam specifically for cybersecurity is required.
The National Law Review looked at an official letter from the NYDFS and found that the examinations are designed to encourage institutions to make cybersecurity an integral part of their overall risk management strategy, rather than just a subset of IT strategy.
Results of the cybersecurity exam could be made public
It would behoove all of these institutions to take this test seriously, especially in light of the news that the Securities and Exchange Commission could make the exam results public, The Hill reported.
The implications of this should not be lost on the organizations that will be subject to the exam. If a financial institution or bank gets poor results on the cybersecurity exam and those results get published for the public to see, it could have a major impact on that organization’s ability to drive new business or even keep existing customers on board.
Financial cybersecurity could be held to a higher standard
As The Hill explained, many regulators in different agencies feel that financial institutions should be held to higher standards for cybersecurity than other private sector industries, due mainly to the sensitive nature of the information they deal with every day.
While specific security measures have yet to be mentioned, the recent emphasis on continuous monitoring and automated threat removal among government agencies themselves could be a clue as to where financial cybersecurity is going. These measures, among others, will provide a layer of security that is otherwise missing in institutions that depend on perimeter defense and have proven highly susceptible to attacks in the past.