OCC's Curry: Cyberthreats Are Grave

Speech Highlights Heightened Risks to Banks
OCC's Curry: Cyberthreats Are Grave
Thomas Curry

U.S. banking institutions' reliance on the Internet and emerging technologies such as mobile is opening the door for increased cyber-risks, which pose a threat that's potentially as grave as the recent financial crisis. That was the message delivered by Comptroller of the Currency Thomas Curry in prepared remarks for a Sept. 18 speech in Washington.

See Also: User Entity & Behavior Analytics 101: Strategies to Detect Unusual Security Behaviors

"From a vulnerability perspective, we are at increased risk due to our banking system's significant reliance on technology and telecommunications, and the interconnections between these systems," Curry said. "Banks not only operate their own networks, they also rely on third parties to support their systems and business activities. Some of these third parties have connections to other institutions and servicers. Each new relationship and connection provides potential access points to all of the connected networks and introduces different weaknesses into the system."

That interconnectivity has raised new awareness about potential fraud threats and risks posed by distributed-denial-of-service attacks, which have been targeting U.S. banks and credit unions for the last year, he points. As a result, the Office of the Comptroller of the Currency is working with other banking regulators, through the Federal Financial Institutions Examination Council, to evaluate these emerging risks and assist banking institutions in developing strategies to defend their networks and online presences, Curry said.

In June, the FFIEC launched a new task force, the Cybersecurity and Critical Infrastructure Working Group, to address banking institutions' unique cyber-threats. Members of this group have already met with intelligence, law enforcement and homeland security officials, he said. They also are reviewing how best to implement strategies outlined in the President's Executive Order on Cybersecurity, as well as address recommendations offered by the Financial Stability Oversight Council, Curry said.

"As we develop the working group's priorities, there are a number of areas that I hope the group will engage in," he said. "We need to identify and address gaps in the landscape of federal and state bank examination policies related to cybersecurity and critical infrastructure resilience. It is important that our examiners continue to have clear and meaningful policy guidance to address today's threats - and tomorrow's."

Additionally, information sharing among regulators, law enforcement and intelligence communities must be a priority, Curry said, and cybersecurity awareness must continually improve.

"We need to continue to improve the awareness across financial institutions, particularly community institutions, about the evolving nature of the cyber-landscape and encourage their engagement in public-private partnerships," Curry said.

Incident response, through coordination with the FFIEC and international regulatory bodies, is a priority as well, he said.

About the Author

Tracy Kitten

Tracy Kitten

Former Director of Global Events Content and Executive Editor, BankInfoSecurity & CUInfoSecurity

Kitten was director of global events content and an executive editor at ISMG. A veteran journalist with more than 20 years of experience, she covered the financial sector for over 10 years. Before joining Information Security Media Group in 2010, she covered the financial self-service industry as the senior editor of ATMmarketplace, part of Networld Media. Kitten has been a regular speaker at domestic and international conferences, and was the keynote at ATMIA's U.S. and Canadian conferences in 2009. She has been quoted by CNN.com, ABC News, Bankrate.com and MSN Money.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.