A new report has found that “Wall Street banks and other financial institutions need further strengthening of their cyber security measures.”
A survey conducted by the New York Department of Financial Services of 40 banks discovered that almost one third of respondents do not require that vendors alert them if they suffer a information or cybersecurity breach.
Additionally, the report found that, “fewer than half of the banks surveyed said they conduct any on-site assessments of third-party vendors. Roughly one in five banks don’t conduct on-site assessments of the service providers. One-third of the institutions surveyed don’t require third-party vendors to mandate similar cyber security requirements on their own subcontractors.” Furthermore, it was discovered that U.S. branches of foreign banks institute stricter protocols then their U.S. counterparts, often requiring “multi-factor authentication — a process that involves more safeguards than a computer password.”
According to Benjamin Lawsky, superintendent of the New York Department of Financial Services, “a bank’s cyber security is often only as good as the cyber security of its vendors. Unfortunately, those third-party firms can provide a backdoor entrance to hackers who are seeking to steal sensitive bank customer data.”