New York – In wake of the mass scale JPMorgan Chase Bank cyberattack uncovered in August, United States federal authorities are urging financial institutions and brokerage houses to close the glaring security holes in their services.
In a letter sent to several banking institutions Thursday, New York State Department of Financial Services superintendent, Benjamin Lawsky, expressed concern over the “level of insight financial institutions have into the sufficiency of cybersecurity controls of their third-party service providers,” Retuers reported.
New York State’s top financial regulator has requested banks to disclose “any policies and procedures governing relationships with third-party service providers,” according to the official statement banks received.
Lawsky’s statement continued, saying banks must provide “any due diligence processes used to evaluate” the standards of third-party security services and suites. Meaning financial institutions need to overview third-party products security in place before implementing the services into their banking network.
Lawsky also said financial intuitions need to outline all possible methods of protection and implement them for the protection and safeguard of sensitive data transmitted to and from vendors.
“It is abundantly clear that, in many respects, a firm’s level of cybersecurity is only as good as the cybersecurity of its vendors,” Lawsky wrote in the letter.
In JPMorgan Chase Banks August data breach, 76 million households and 7 million business accounts had their names, addresses, phone numbers and email addresses publicly leaked. Making this one of the largest data breaches of all times, considering that hackers had access to over 80 servers housing the financial data.
Yet the company claimed there was no evidence of account numbers, passwords, user IDs, birth dates or Social Security numbers being stolen in the breach.
The real question remaining is why banking intuitions are not already utilizing these security measures. Lawsky’s statements are asking banks to close the security holes, acting as if the billion dollar companies are leaving the services vulnerable to hackers for some form of financial gain.
The list of companies affected by data breaches appears to be never ending, underscoring how vulnerable and sensitive data has become.
In September, Home Depot retailer experienced a 56 million credit card breach due to cybercriminals infecting the point-of-sale system, making the Target breach appear almost subtle.