Saturday, June 28, 2014
FFIEC Cybersecurity Assessments Begin
500 Community Institutions to Be Examined in Pilot
The Federal Financial Institutions Examination Council has started its cybersecurity assessment pilot program, which will examine more than 500 community banking institutions. Plus, the council has launched a Web page dedicated to cybersecurity information.
The pilot program is slated to run through July, says Stephanie Collins, spokesperson for the Office of the Comptroller of the Currency.
The aim of the pilot program is to help smaller banking institutions address potential security gaps. The assessments will be conducted by state and federal regulators during regularly scheduled examinations, the FFIEC says.
"Information from the pilot effort will assist regulators in assessing how community financial institutions manage cybersecurity and their preparedness to mitigate increasing cyber risks," the council says.
Areas the regulators will be focusing on during the cyber-assessments include risk management and oversight; threat intelligence and collaboration; cybersecurity controls; service provider and vendor risk management; and cyber-incident management and resilience.
"Another aim of the pilot is to help regulators make risk-informed decisions to enhance the effectiveness of supervisory programs, guidance and examiner training," the FFIEC says.
Thursday, June 26, 2014
By J. D. LeaSure, President/CEO ComSec LLC
Healthcare-related cybercrime continues its remarkable upward trend. Electronic Health Records (EHRs), online healthcare portals, the street value of stolen Protected Health Information (PHI / e-PHI) / Individually Identifiable Health Information (IIHI) and limited cyber security programs have all contributed to this steady increase. And as healthcare-related cybercrime rises, regulators continue to develop or modify laws and regulations aimed at protecting the information, and ultimately the consumer.
Healthcare companies tasked with protection of personal and/or protected health information must implement a thorough and effective risk analysis and risk management program to comply with the legal and regulatory requirements. If your cyber security risk program focuses too strongly on IT security, the program needs to be reevaluated. Electronic eavesdropping devices are inexpensive, easy to use, and can capture a great amount of data in an inconspicuous manner. Data breaches are costly, create criminal and civil liability and can irreparably damage your company’s reputation and future earnings potential. Omitting Cyber TSCM and TSCM from your risk management process could be a very costly mistake.
Friday, June 20, 2014
By J. D. LeaSure, President/CEO ComSec LLC
The cybersecurity programs of American businesses need to improve! Ask consumers and they’ll agree. With major data leaks by large retailers and financial institutions, most consumers have been impacted, either directly or indirectly. Regulators have noticed the frequency and severity of the breaches too, particularly their ultimate impact on our national security.
How can financial institutions improve their cybersecurity programs? Arm yourself with the knowledge you need to protect your organization, and implement an effective cybersecurity program. Helpful information follows:
Wednesday, June 18, 2014
Friday, June 13, 2014
Tuesday, June 10, 2014
A Washington think tank has estimated the likely annual cost of cybercrime and economic espionage to the world economy at more than $445 billion — or almost 1 percent of global income.
The estimate by the Center for Strategic and International Studies is lower than the eye-popping $1 trillion figure cited by President Obama, but it nonetheless puts cybercrime in the ranks of drug trafficking in terms of worldwide economic harm.
“This is a global problem and we aren’t doing enough to manage risk,” said James A. Lewis, CSIS senior fellow and co-author of the report, released Monday.
The report, funded by the security firm McAfee, which is part of Intel Security, represents one of the first efforts to analyze the costs, drawing on a variety of data.
“Cybercrime costs are big, and they’re growing,” said Stewart A. Baker, a former Department of Homeland Security policy official and a co-author of the report. “The more that governments understand what those costs are, the more likely they are to bring their laws and policies into line with preventing those sorts of losses.”
According to the report, the most advanced economies suffered the greatest losses. The United States, Germany and China together accounted for about $200 billion of the total in 2013. Much of that was due to theft of intellectual property by foreign governments.
Though the report does not break out a figure for that, or name countries behind such theft, the U.S. government has publicly named China as the major perpetrator of cyber economic espionage against the United States.