When cybercriminals started turning up the heat on American banks, New York Governor Andrew Cuomo ordered a full audit of New York’s banks and their cybersecurity. The Department of Financial Services (DFS) released their report yesterday, and the diagnosis is dire.
The biggest problem with financial cybersecurity, the report says, isn’t a lack of money for security, or even a need for a better defense plan. It’s that hackers and cybercriminals are growing much more sophisticated than banks can handle.
“One of the scariest aspects of the cyberattacks we’re seeing on financial institutions is not only the growing frequency of attacks, but their severity and sophistication,” DFS Superintendent Benjamin Lawsky told Betabeat.
The number one type of crime was account takeovers, which is the fault of not just banking institutions, but people who can’t protect their own data.
“The question of personal security is intertwined with the bank’s security,” Mr. Lawsky said. “We’re seeing attacks of all kinds — some to get personal information, and some to get into the banking systems to wreak havoc.”
The banks themselves aren’t a big help in gauging the threat, either. Mr. Lawsky said banks don’t want to communicate openly about the threats they face, leaving every man to fend for himself in the name of competition. So about six weeks ago, The DFS arranged an online meeting where banks could share information about security and breaches — the banks showed up, and Mr. Lawsky said it was a good first step for banks to get an idea of what everyone in the industry is going through.
Besides facilitating communication between banks, the DFS is also taking other measures to ward of cybercrime. The DFS is going to start raising the standards for cybersecurity on the examinations it conducts on banks, hoping that if they hold banks accountable, the banks will find their own best solutions.
Mr. Lawsky also says the DFS is considering urging banks to add a second layer of verification at ATMs, like offering a code on your phone to use in conjunction with your PIN. Two-step verification is, after all, one of the many ways Europe is ahead of the US in financial cybersecurity. But Mr. Lawsky knows that there’s no single antidote or solution to the threat of cyber attacks.
“We’ve had a war on drugs since 1971, but there’s still drug dealing,” Mr. Lawsky said. “We need to always be vigilant, and know that we’re not going to eradicate it entirely.”