Regulator warns cyber-crime a major risk to US financial system
In a year in which the economic vulnerabilities in the US financial system remained moderate, cyber-security has emerged as one of the dominant threats to the stability of the economy.
In its annual report to the US Treasury, the Financial Stability Oversight Council (FSOC) warned that threats to the IT infrastructure have the greatest potential to disrupt the financial sector. The authors of the report pointed to a worrying increase in online security incidents “including large-scale data breaches that compromised financial information”.
Last year, JP Morgan Chase reported that 76 million households and seven million businesses lost private information in a data breach.
The report observed that regulators including the US Treasury are taking steps to “prompt financial institutions to mitigate risks to the financial system posed by malicious cyber activities”.
With attacks having the potential to destroy critical data, disrupt systems and impair operations, the report calls for:
- Strong collaboration and data sharing among financial services companies and government agencies
- Improvements in technology infrastructure
- Third-party vendor management (the report notes the increasing use of the NIST Cybersecurity Framework)
- Improved control of administrator access through the use two-factor layered authentication and the monitoring of the use of administrative accounts
- Adequate plans for responding to and recovering from cyber incidents.
The report said that there is a significant risk of a destructive incident that could impair the operations of the financial sector – more worrying even than loss of financial information in a data breach.
“The US financial sector is highly dependent upon information technology systems that are often interconnected,” the report said. “The concentration of key services may create the risk of a cyber-incident impacting many organisations simultaneously, with significant impacts on financial sector operations.”