Network Penetration Testing

US bank regulator raises prospect of cyber

US bank regulator raises prospect of cyber: A top US banking regulator has warned that more legislation may be needed in the fight against an ever-growing cyber-security threat.
Earlier this year President Barack Obama signed a cyber-security executive order designed to improve collaboration and information sharing between the government and critical infrastructure providers such as banks.

In a speech this week, Comptroller of the Currency Thomas Curry said that in line with the order his agency and others are examining whether their supervisory authority is up to the challenge of the cyber age.

Curry told his audience that his office needs to make sure that it is talking full advantage of its current powers: “But if we determine that legislation is needed to fill gaps in our authority, I can assure you that we will move promptly to raise our concerns to Congress.”

In his speech, the Comptroller warns that cyber-attacks are growing in frequency and sophistication. The spate of DDoS hits on bank We sites over the last year may have caused minimal damage but there is the potential for not only disruption but destruction of systems, hitting public confidence in the whole industry.

The tools and infrastructure used by hackers are becoming easier and cheaper to access while banks are becoming more vulnerable because of their reliance on technology, telecommunications, and the connections between them.

With so many third parties also involved “each new relationship and connection provides potential access points to all of the connected networks and introduces different weaknesses into the system. Ultimately, these interconnected networks are vulnerable to attacks that may affect multiple organisations at one time,” says Curry.

Things are only going to become more complicated, warns the speech, because while new technologies, such as cloud computing, social media and mobile banking are a boon for customers, they also expand exposure to cyber attacks, with each new product introducing an new set of weaknesses into the system.

Banks may be under pressure to be at the forefront of innovation but “early adoption of new applications and technology could outpace our ability to identify and mitigate the vulnerabilities during the product design phase, thereby providing new exploit opportunities for cyberattackers,” warns Curry.

The Comptroller says that he has some faith in the ability of big banks, with massive resources and large IT security teams, to fight off attacks. However, he warns that hackers will increasingly turn their attentions to small community banks with less sophisticated defences and a reliance on outside IT vendors.