Financial services companies are not only finding innovative ways to implement new security initiatives, they’re also finding innovative ways to fund them. ABN AMRO Bank N.A. now requires all the bank’s application projects to allocate one percent of their funding to their security. “If you have to mitigate security risk after the fact, it’s a costly exercise,” Bernik told attendees of the Cyber Security Executive Summit. CISOs and risk management officials at major financial institutions speaking here say they are struggling to keep up with emerging threats and the ever-changing regulatory landscape. They face not only phishing exploits, but emerging application-level security issues, client laptop security, and compliance with regulations like strong authentication for online banking, which banks must deploy by the end of the year, according to FFIEC regulations.<\/p>\n","protected":false},"excerpt":{"rendered":"
Bernik says his company is “trying” to routinely perform risk assessments on projects before they go live. “I’ve had challenges in my business getting business owners to listen and take heart” in implementing security controls.”<\/p>\n
Banks are weighing the cost of strong authentication: Token-based authentication may make sense internally, but not for consumers, they say. “You’re not going to pay $30 to $40 for each of your millions of customers,” Axelrod said. Getting funding for security is not just a matter of folding it into projects from the get-go, but also making it a selling point for your customers, financial execs say.<\/p>\n
http:\/\/www.darkreading.com\/document.asp?doc_id=103706&WT.svl=news2_3<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9],"tags":[],"class_list":["post-359","post","type-post","status-publish","format-standard","hentry","category-financial"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/359","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=359"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/359\/revisions"}],"predecessor-version":[{"id":2846,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/359\/revisions\/2846"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=359"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=359"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=359"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}