Cyber Threats Pose Potential Systemic Risk

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.nasdaq.com/article/occs-curry-cyber-threats-pose-potential-systemic-risk-20130918-00810

WASHINGTON--Hackers and other cybercriminals pose as grave a threat to the
financial system as the recent financial crisis if banks and government
officials don't mount an effective response, a top U.S. official warned
Wednesday.

The growing sophistication of cyberattacks spawned by criminal
organizations, hackers and other foreign governments could pose a systemic
risk to the financial system, Comptroller of the Currency Thomas Curry said
in prepared remarks for a speech in Washington. While such threats are
manageable the risks should not be downplayed, Mr. Curry said.

"The financial services industry is one of the more attractive targets for
cyberattacks, and, unfortunately, the threat is growing," Mr. Curry said.

Regulators and financial industry executives have increasingly raised
alarms about the ability of cybercrimes to disrupt the financial system.
Banks have spent millions trying to stave off and respond to such strikes,
including " denial-of-service" attacks against banks such as Bank of
America Corp. ( BAC ) and Capital One Financial Corp. (COF ) that take down
bank websites.

One growing area of concern is the potential for criminal elements to
target smaller banks, which frequently have less sophisticated protections
than their Wall Street brethren. Regulators have warned that cybercriminals
could exploit a weakness at a smaller firm as a way to access payment
systems and the financial system more broadly, taking advantage of the
increasing interconnectedness of banks.

"Each new product can introduce a new set of weaknesses into the system,
and our early adoption of new applications and technology can outpace our
ability to identify and mitigate the vulnerabilities," Mr. Curry said.

Regulators and the financial services industry need to better share
information, as do the host of federal agencies that track and respond to
potential cyberattacks, Mr. Curry said. He noted that government officials
have held a regular series of classified briefings for banks on potential
threats, and stressed that bank executives need to take responsibility for
combating potential risks.

"It's vital that senior management appropriately evaluate risks and develop
prudent implementation and contingency plans," Mr. Curry said.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

# OWASP http://www.appsecusa.org
# Builders, Breakers and Defenders
# Time Square, NYC 20-21 Nov
o()xxxx[{::::::::::::::::::::::::::::::::::::::::>

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security offers security intelligence, risk management services and customized security solutions. The 
YourCISO portal gives decision makers access to tools for evaluating their security posture and prioritizing risk 
mitigation strategies. Cyber Risk Analytics offers actionable threat information and breach analysis.