Financial – Page 3 – CyberSecurity Institute

Cyberattacks on banks signal urgent need for security bill, lawmakers say

Posted on April 3, 2013December 30, 2021 by admini

.”These banks are among the best in the country when it comes to cyber security, but even they are having trouble keeping up with attacks that have the sophistication and the level of resources that a nation-state entity like Iran can devote to them,” he said.

Adam Schiff, D-Calif., a senior member of the House Intelligence Committee, told NBC News Wednesday that the FBI and “other law enforcement agencies are following up aggressively to identify the responsible parties” of the attacks. “Our computer networks are the subject of daily assault by hostile hackers, both state sponsored and independent, who hope to obtain confidential information for economic gain, to test our defenses, or simply because they can,” Schiff said.

Rogers, who is pushing for the passage of the Cyber Intelligence Sharing and Protection Act, H.R.624, says that the federal government is “trying to share cyber threat information with these banks to help them get ahead of these attacks. He said, “needs to pass bipartisan information sharing legislation to knock down those barriers, so that American companies can protect their computer networks and the valuable intellectual property and personal customer information that resides on them.”

Doug Johnson, the American Bankers Association’s vice president of risk management policy, told NBC News that the attacks “have been intensifying since October and we expect them to continue.

Link: http://www.nbcnews.com/technology/technolog/cyberattacks-banks-signal-urgent-need-security-bill-lawmakers-say-1C9202532

7 Duties for CISOs under FISMA Reform

Posted on April 1, 2013December 30, 2021 by admini

Overseeing the establishment and maintenance of a security operation that through automated and continuous monitoring can detect, contain and mitigate incidents that impair information security and agency information systems;
Developing, maintaining and overseeing an agencywide information security program;
Developing, maintaining and overseeing information security policies, procedures and control techniques to address all applicable requirements;
Training and overseeing personnel with significant responsibilities for information security;
Assisting senior agency officials on cybersecurity matters;
Ensuring the agency has a sufficient number of trained and security-cleared personnel to assist in complying with federal cybersecurity law and procedures;
Reporting at least annually to agency executives the effectiveness of the agency information security program; information derived from automated and continuous monitoring, including threat assessments; and progress on actions to remediate threats.

If enacted, the bill would create a federal information security incident center to provide timely technical assistance to operators of agency information systems regarding security incidents; compile and analyze information about incidents that threaten information security; inform operators of agency information systems about current and potential information security threats and vulnerabilities; and consult with the National Institute of Standards and Technology, agencies or offices operating or exercising control of national security systems regarding information security incidents and related matters.

The legislation also would give the director of the White House Office of Management and Budget the authority to oversee the development and implementation of policies, principles, standards and guidelines on information security as well as oversee the operations of a federal information security incident center.

Tom Carper, the Delaware Democrat who chairs the Senate Homeland Security and Governmental Affairs Committee, has promised that his panel will draft a FISMA reform measure, but it is unclear whether it would be in the form of a standalone bill or part of a more comprehensive cybersecurity legislative package.

Link: http://www.bankinfosecurity.com/7-duties-for-cisos-under-fisma-reform-a-5620?rf=2013-03-25-eb&elq=5558a599647941f893a08b7d1d03e296&elqCampaignId=6234

Wells Fargo says cyber attack disrupting website

Posted on March 26, 2013December 30, 2021 by admini

Since September, a hacker activist group called the Izz ad-Din al-Qassam Cyber Fighters has said it was launching denial of service attacks against major U.S. banks.

In a posting Tuesday on pastebin.com, the group listed Wells Fargo as one of the banks “being chosen as a target.”

In its annual report filing last month, Wells said it had not experienced any “material losses” related to cyber attacks but that enhancing its protections remained a priority.

Link: http://www.theoaklandpress.com/articles/2013/03/26/news/story_a57178bd-e005-4605-9097-7ba3ca50eccf.txt?mobredir=false

Australian central bank computers hacked

Posted on March 11, 2013December 30, 2021 by admini

A defence department official cited by the newspaper said “the targeting of high-profile events, such as the G20, by state-sponsored adversaries … is a real and persistent threat”.

In another sophisticated incident the month before, revealed on the central bank’s disclosure log under its freedom of information obligations, “targeted” emails were received regarding its strategic planning for 2012.

“Malicious email was highly targeted, utilising a possibly legitimate external account purporting to be a senior bank staff member,” an official report by the bank’s risk management unit said. “As the email had no attachment, it bypassed existing security controls, allowing users to potentially access the malicious payload via the Internet browsing infrastructure.”

Last year, Chinese telecoms giant Huawei was barred from bidding for contracts on Australia’s ambitious Aus$36 billion (S$46.16 billion) broadband rollout due to fears of cyberattacks.

Link: http://news.asiaone.com/News/Latest%2BNews/Science%2Band%2BTech/Story/A1Story20130311-407662.html

Two-thirds of banks suffered a DDoS attack in 2012

Posted on January 22, 2013December 30, 2021 by admini

Banks are still predominately relying on previously deployed traditional technology, in particular firewalls (35%), to protect their organisation from today’s sophisticated attacks according to the survey, further raising concerns about the extent of board-level buy-in.

Morgan Chase & Co., Bank of America and Wells Fargo were just a few high-profile victims of cyber attacks in 2012 – a year which raised serious concerns regarding the safety of financial institutions – and Meyer says this is prompting banks into action. “We are seeing a tonne of activity in terms of engagement of the number of banks who are searching for information about DDoS mitigation, so I actually think there is going to be a ramped amount of spending in 2013,” he said.

We have met with a few banks already this year and all of them have a budget for DDoS, and many of them for on-premise DDoS.”

Link: http://www.insurancetimes.co.uk/two-thirds-of-banks-suffered-a-ddos-attack-in-2012/1400637.article

ID Theft Victims Spending Less In Cleanup Aftermath

Posted on May 21, 2010December 30, 2021 by admini

Check fraud increased last year over 2008; 42 percent of the victims say their checks were stolen and their signatures forged, up from 35 percent the previous year.

The ITRC says the bottom line is you can’t completely prevent ID theft.

http://www.darkreading.com/insiderthreat/security/client/showArticle.jhtml?articleID=224900713&cid=RSSfeed