BOSTON (5/19/14)--U.S. Comptroller of the Currency Thomas J. Curry spoke to the New England Council Friday about the importance of cybersecurity in finance, particularly when it comes to financial institutions using third-party technology.
"Not so many years ago, hacking was largely the domain of bright amateurs who were mainly interested in exploring data networks or demonstrating their hacking skills to their peers. Today, though, it's the province of an array of terrorists, organized criminals and so-called 'hacktivists' intent on doing real harm," he said.
Curry noted the increasing frequency of multiple types of cyberattacks in recent years, ranging from distributed denial-of-service attacks to ATM cash-out schemes to the card data security breach at Target last holiday season.
Growing reliance on new commerce mechanisms, such as Internet bill payment, mobile banking and shopping through smartphone applications, can create new vulnerabilities. The consolidation of many of these platforms into a single vendor, increased reliance on foreign vendors and third-party access to financial and consumer data all bring their own set of risks that must be mitigated, Curry said.
"Each new relationship and every new connection provides potential access points to all of the connected networks, any one of which can provide access to the system," he said. "These interconnected networks are potentially vulnerable to attacks that may affect multiple organizations at one time."
The Office of the Comptroller of the Currency issued updated guidance last October that focuses on the risk-management process throughout the lifecycle of a third-party relationship and urges management to directly oversee those activities.
"What concerns me most is that risk management practices haven't always kept pace with the risks institutions take on," he said.
The Federal Financial Institutions Examination Council, of which the National Credit Union Administration is a member, has created a working group on cybersecurity issues, working with intelligence, law enforcement and homeland security to share information and help financial institutions of all sizes shore up their defenses.
"This isn't a problem that any one agency or institution can solve on its own," he said. "To deal effectively with cyberthreats, institutions both large and small need to communicate, not only with each other but also with relevant government agencies."
The NCUA in March launched a new resource for credit unions--a webpage that provides links to cybersecurity and data security resources.