Cyber Threats in Financial Services

The Internet has dramatically changed the way we conduct business today. The ability to deliver information, answer questions, and exchange ideas has benefitted all who participate. One significant use of the Internet is electronic mail. The ability to replace letter, fax or phone calls with a simple electronic message has won the day. Storing and quickly retrieving these messages allows organizations to streamline its communications process and by today’s business standards, email has become a cornerstone of every business’ operations.

In recent years, the United States Federal Government has passed initiatives targeted at the way personal information must be handled on the public Internet. The major acts are Financial Services Modernization ACT (GLB), Identity Theft Prevention Act of 2000 and the Health Insurance Portability and Accountability Act of 1996 (HIPPA). These acts focus on different aspects of personal information but all have the same mandate, protecting customers’ personal information from unwarranted access and the accountability for its use.

Today’s financial institutions are faced with the challenging pace of new rules and regulations which can lead to increased operational and compliance risk if not managed correctly. In addition, new threats, specifically cyber-threats will burden institutions even more.

The Office of the Comptroller of the Currency’s (OCC’s) National Risk Committee (NRC) monitors the condition of the federal banking system and emerging threats to the systems safety and soundness. NRC members include senior agency officials who supervise banks of all sizes, as well as officials from the law, policy, and economics departments.

The OCC’s 2013 Semiannual Risk Perspective report addresses key issues facing banks. The OCC publishes this report twice a year, drawing upon midyear and year-end data. The spring 2013 report reflects data as of December 31, 2012.

The report highlights key risk themes, which for the first time, addresses cyber-threats by stating, “Increasingly sophisticated cyber-threats, expanding reliance on technology, and changing regulatory requirements are heightening operational risk.”

“Criminals seeking to steal information, commit fraud, or disrupt, degrade, or deny access to information systems strain bank resources and can cause financial, operational, and reputational harm,” the OCC states.

Just look at recent headlines and you will see the ever growing threat of cyber attacks. “Experts Fear Cybersecurity Plan Inadequate, Could Violate Privacy“, “FBI Official Warns of Growing ‘Existential’ Cyber Threats“, “Cybersecurity Bill Authors Defend Legislation Against ‘Privacy Disaster’ Claims“, “Massive Bank Cyber Attack Threat Deemed Credible In New Report“, “Cyber threats and leaks spur increased security focus – Yahoo! News“, ” Hagel says cyberthreats pose ‘stealthy’ danger to US | Fox News.

These attacks include gaining access to Non Public information which is why it is critical for the mortgage industry to embrace solutions that help protect non public information. So what is Non Public information? Non-public Personal Information is any data or information considered to be personal in nature and not subject to public availability.

Personal information includes, but is not limited to: Social Security Number 9 digits, Address, Demographic information, phone number, age, date of birth, race, sex/gender, religion, Mother’s maiden name, Driver’s license number, Passport number 9 digits, State identification number, Personal identification number, Information commonly provided on insurance application, Logon ID’s and account passwords, Digitized or other electronic signatures, Bank Account Number, Debit Card Number 16 digit, Credit Card Number 15-16 digits, Payment history, Account Balances, Factor around customer’s income or assists, fact that person is a customer of financial institution, Information obtained when requesting or getting, collecting or servicing a loan to name a few.

Even though this is not an exhaustive list, you can see the number of data-points that constitute non public information that, if exposed, has the potential for significant ramifications.