After JPMorgan Cyberattack, fortification of Wall Street Banks is a must
Federal and state regulators are said to be discussing fortification of a critical area of cybersecurity: outside vendors, including law firms, accounting and marketing firms and even janitorial companies.
This summer’s huge cyberattack on JPMorgan Chase and a dozen other financial institutions is accelerating efforts by federal and state authorities to push banks and brokerage firms to close some gaping holes in their defenses.
Under discussion is a requirement that the banks put in place more stringent procedures and safeguards to make sure the outside firms have, at the least, basic defenses.
The problem is causing some security consultants to privately consider whether the sprawling financial firms with operations across the globe may be “too big to secure.”
“It is abundantly clear that, in many respects,” Mr. Lawsky said in the letter, “a firm’s level of cybersecurity is only as good as the cybersecurity of its vendors.”
The Securities and Exchange Commission is conducting an audit of 50 firms to assess their readiness for attacks as well as their relationships with vendors. The Financial Industry Regulatory Authority is conducting its own broad look at how American brokerage firms and asset management firms deal with assaults from hackers and how they oversee their vendors.
Still, it remains unclear just how the hackers got into JPMorgan’s network, and the bank has determined that they did not gain access to JPMorgan’s computer systems through the Corporate Challenge website.
“We have no evidence to indicate that attackers compromised a third party to gain access to our network as part of this incident,” Patricia Wexler, a JPMorgan spokeswoman said, referring broadly to vendor security.
Susan F. Axelrod, executive vice president of regulatory operations at the financial industry’s regulating agency, said financial firms needed to improve their criteria in hiring vendors
She suggested that contracts with vendors “deal upfront” with the process of ending a relationship and safeguarding access to a firm’s computer network.
Source: NYT- After JPMorgan Cyberattack, fortification of Wall Street Banks is a must
