Duane Morris partner Joseph Burton was featured in a video on Bank Info Security on the impact of regulators involved in cybersecurity.
The Federal Trade Commission and the Federal Communications Commission are among U.S. regulators now starting to flex their muscles when it comes to enforcing cybersecurity standards, says Burton. What enforcement trends might we expect to see in 2017?
To view the video, please visit the Bank Info Security website.
As reported in the Wall Street Journal on December 21, banks are spending enormous sums on cybersecurity (Wells Fargo’s CEO John Stumpf says ‘It is the only expense where I ask if it’s enough’), and much of that is directed towards reducing risks from employees who unwittingly make it easier for hackers to breach a bank’s defenses. Employee error results in approximately 30% of data breaches, according to a survey released last month by the Association of Corporate Counsel. Banks in particular face substantial risk because they possess so much customer information, as well as huge sums of money.
Among the ways that cybercriminals gain access to protected data are out-of-office messages on work computers and phones, and vacation photos posted on social media (which signal unmonitored computers). A significant risk is posed by employees opening phishing emails, especially the increasingly sophisticated “spear phishing” emails that appear to be requests from high-ranking bank officials. Many banks send employees simulated phishing attacks. The opening of one of these fake phishing emails may, for example, start a video to educate the employee on how they should have handled the situation.
These efforts are another indication that fighting cyber crime involves virtually all parts of an organization, not just the IT department.