Key IT Risk Management Issues for Banks and Other Financial Services
Throughout the last couple of years, banks and financial institutions have continued to face serious threats from cybercriminals targeting the personal information of banking customers and their financial assets. Last summer, JPMorgan experienced one of the largest breaches with about 83 million households and businesses affected. This incident illustrates the vulnerability of financial institutions to hackers. Malicious groups and individuals are systematically looking for ways to gain access to sensitive data, which needs to be a top concern for everyone in the financial services sector.
According to the Wall Street Journal in the JPMorgan case: “The hackers were able to attain high administrative privileges within JPMorgan’s network, rooting more than 90 servers and rummaging through customer databases with detailed information for 76 million households and seven million small-business online accounts.” Also, hackers were able to obtain a file that “contained a list of every application and program deployed on standard JPMorgan computers that hackers can crosscheck with known, or new, vulnerabilities in each system in a search for a backdoor entry.” This may place an even longer-term strain on the company, putting it and customers at greater legal and financial risk. And, one of the most unnerving things about this breach, as with many others, it’s still unclear how the hackers were able to gain access to the institution’s high administrative privileges.
The Key IT Risk Management Issues for Banks and Financial Services Companies, include:
- High-audit probability
- Litigation risk
- Compliance with FTC 16 CFR Part 314: Standards for Safeguarding Customer Information Final Rule
According to the federal register, all financial institutions must “develop, implement, and maintain a comprehensive written information security program that contains administrative, technical and physical safeguards.” Banking and financial institutions must also “take reasonable steps to assure that any third party to which it discloses customer information has safeguards that are adequate to fulfill the representations made by the financial institution regarding the security of customer information or the manner in which it is handled by third parties.”
In essence, financial institutions must show due diligence in protection of sensitive data, though from a legal perspective, the precise terms of “sufficient due diligence” have not been defined. In the meantime, Brass Valley’s financial services experience helps banks and other financial institutions protect the sensitive data in their care, helping them meet compliance requirements, managed audits and perhaps most important, maintain customer and market trust.
Financial institutions and their executives need to take a complete risk management approach to help prevent a potential data breach, in addition to developing breach response plan in order to protect market value, customers’ trust, and executives’ careers, and prevent the negative financial and legal ramifications of a data breach.
Brass Valley works with financial clients to reduce the growing risk of data security breaches, giving them greater confidence through accurate management and increased control of their IT assets. If you’d like to talk to us more about how we can help you, please contact us.
To learn more about the threat that embedded data can pose to your company, please download our white paper: Embedded Data: Your “Hidden Secret” to Stopping a Major Data Breach — A call for awareness to the security threat of embedded data. It aims to educate customers and the public at large about the potential exposure and hidden dangers of embedded media if it falls into the wrong hands.
