
Risk assessment focuses on cybersecurity after SEC risk alert.

BANKING AND CREDIT NEWS-October 2, 2015-Risk assessment focuses on cybersecurity after SEC risk alert


The SEC's Office of Compliance Inspections and Examinations ("OCIE") said it has issued a risk alert as it ramps up its second phase of examinations designed to bolster cybersecurity in the financial industries.

Phase One kicked off in April 2014, when OCIE published its initial announcement on the program as part of its vision for improving cyber security for the securities and financial markets.

The main topics highlighted in the alert are:

o Governance and risk assessment

o Access rights and controls

o Data loss prevention

o Vendor management

o Training

Global Digital Forensics (GDF) founder and CEO/CTO Joe Caruso said, "It's an agenda we've been talking about with our clients for years, but it is great that the SEC is formalizing it a bit more for the securities and financial markets, because they are certainly prime targets, not just for "typical" hackers, but also for deep-pocketed and sophisticated players like organized cybercrime rings and nation-state actors. But the idea whistles true for every organization plugged into the digital world; every one of those areas needs to be considered, planned for, and implemented post haste."

It's not about sophistication, it's about readiness and constant vigilance.

"Most cyber attacks on large institutions, financial and otherwise, aren't normally quick in-and-out types of scenarios, they are longer term, with initial access being gained sometimes months, or even years in advance of the actual "job" being executed. All it takes is one successful phishing or spear phishing attack on someone on the network, or some clever social engineering to con someone into giving up access information, or even finding a way to get infected physical media plugged into a network device, like leaving an infected USB stick in the lobby or the smoking area and counting on natural human curiosity to do the rest. Everybody has to be up to speed, from vendors to employees, but to find the weak links, it will take a comprehensive cyber threat assessment as the first step, which will not only significantly help identify areas to boost data security, but also go a long way in satisfying examination requirements."

Global Digital Forensics is recognized in the fields of computer forensics, cyber security and emergency incident response, with years of experience assisting clients in the government, banking, healthcare, education and corporate arenas.

COPYRIGHT 2015 Normans Media Ltd.
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2015 Gale, Cengage Learning. All rights reserved.

Article Details
Publication: M2 Banking & Credit News (BCN)
Date: Oct 2, 2015