Oct. 11 — Group of Seven (G-7) financial leaders have endorsed non-binding cybersecurity best practices for banks and financial institutions to help combat cybersecurity threats, according to guidelines released Oct. 11.
The best practices, “Fundamental Elements of Cybersecurity for the Financial Sector,” aim to address the increased level of “sophistication, frequency and persistence” of cyberattacks that are growing “more dangerous and diverse,” the guidelines said.
The guidelines will help the financial sector along with their public-facing entities to protect the “interconnected global financial institutions that operate and support these systems,” it said.
The goal of the guidelines released by the G-7—Canada, France, Germany, the U.K., Italy, Japan and the U.S.—is to provide “fundamental elements” to “help address cyber risks facing the financial sectors from both entity-specific and system-wide perspectives,” U.S. Treasury Deputy Secretary Sarah Bloom Raskin, co-chair of the G-7 Cyber Expert Group, said in an Oct. 11 statement.
The G-7 Cyber Expert Group was created in 2015 to survey member countries' financial sector cybersecurity awareness and is tasked with recommending cybersecurity best practices to the G-7 finance ministers and central bank governors.
The financial institutions' cybersecurity best practices focus on bolstering a bank's internal infrastructure in addition to enhancing information sharing across banks and public-sector stakeholders.
The guidelines outline eight elements for cybersecurity best practices, including: establish and maintain a cybersecurity strategy and framework; define and facilitate performance of roles and responsibilities in overseeing the cybersecurity plan; identify inherent cybersecurity risks presented by “people, process and technology”; establish systematic monitoring processes to detect sophisticated cyberattacks; set up systems to timely address cybersecurity threats; implement systems to resume operations quickly after a cyberattack; share information with government and third-party stakeholders to better protect against future cyberthreats; and continue to learn cybersecurity best practices to stay ahead of the curve.
Federal Reserve Board Vice Chairman Stanley Fischer said in an Oct. 11 statement that banks that adopt best practices help harden each link in the cybersecurity chain of the “global financial system.”
“The international financial architecture is only as strong as its weakest link and that is why the United States should work with our partners around the world to bolster their information security and resiliency,” Fischer said.
The increased call for financial institutions' cybersecurity best practices comes on the heels of the Bangladesh bank heist and its fallout.
In February 2016, thieves were able to steal $81 million from the central bank of Bangladesh's account at the New York Federal Reserve. The hackers were able to infiltrate the bank-to-bank messaging system Society for Worldwide Interbank Financial Telecommunications (SWIFT) (15 PVLR 1162, 6/6/16). Investigators subsequently said that hackers could have breached computers at as many as 12 banks using SWIFT (15 PVLR 1161, 6/6/16).
Although the focus of the attacks has been on Bangladesh's central bank, the cyberattacks may have affected up to 12 other banks across the world, including banks in the Philippines and New Zealand, among others.
The perceived federal inaction on bank cybersecurity and a rush of cyberattacks at large banks—JPMorgan Chase & Co. and HSBC Group—led some states to propose rules addressing the growing breach concern. New York’s Department of Financial Services introduced cybersecurity guidelines directly to banks and other financial institutions—a move that Gov. Andrew Cuomo (D) called a “first-in-the-nation” endeavor (15 PVLR 1868, 9/19/16).
The biggest impact of the New York regulations is likely to be on small banks and insurers, which may now need to bring their cybersecurity programs up to at least a minimum standard.
With assistance from Russell Ward in Tokyo
To contact the reporter on this story: Daniel R. Stoller in Washington at email@example.com
The financial institutions' cybersecurity best practices guide is available at http://src.bna.com/jhP.
Copyright © 2016 The Bureau of National Affairs, Inc. All Rights Reserved.