While major cybersecurity breaches like the recent attack on Target tend to grab headlines, smaller banks are actually much more vulnerable to cyberattacks than their larger peers. Yet many community banks have failed to invest sufficiently in security.
Large banks are more inclined than their smaller counterparts to belong to an information-sharing organization like the Financial Services Information Sharing and Analysis Center, according to a May 2014
Large financial institutions are also far more likely than small institutions to have a dedicated information security position, according to the report. More importantly, 90% of large institutions have a documented information security strategy, while only 62% of small institutions have one. Smaller institutions also lag behind in cybersecurity technology: 57% of small institutions have invested in data loss-prevention tools, compared to 78% for their larger counterparts. In addition, smaller institutions are less likely to use effective methods of authenticating their customers, such as smart cards and one-time passwords.
One major reason why smaller banks trail their larger counterparts in cybersecurity is that they lack the resources to make necessary but expensive investments. This problem could be solved by adopting a model currently available to small law enforcement agencies. Because many of these agencies could not individually afford to maintain a computer forensics examiner, purchase digital forensics tools and train officers in digital forensics investigations, the Federal Bureau of Investigation set up regional computer forensics laboratories across the country. The centers provide local law enforcement agencies with much-needed training, access to forensics technology and a place to conduct computer forensics investigations.
This highly effective model could be instituted by the United States Secret Service, which spearheads financial crime investigations in the U.S., in order to help smaller banks with tight IT budgets share cybersecurity resources, train staff and investigate potential breaches.
Small banks might also look to utility companies for inspiration. Many small utility companies have cut costs by centralizing their IT departments into one main department. In addition, universities could be a cost-effective resource for finding security vulnerabilities in the networks of small banks, determining new methods of authentication, and providing many other security solutions for financial institutions.
Small financial organizations must learn to be better prepared for cyberattacks. Luckily, the vast majority of security breaches can be avoided at little or no cost. If small banks share information and resources with one another, they can protect both themselves and their customers from hackers and hefty losses.
Darren R. Hayes is assistant professor and director of cybersecurity at Pace University's Seidenberg School of Computer Science and Information Systems. A former investment banker, Hayes began his career in the financial services industry with Cantor Fitzgerald at the World Trade Center.