No one is really sure when the FFIEC's new authentication guidance will be issued, but we do know banking institutions can't afford to wait. Hence, our new FFIEC Authentication Guidance Resource Center.
The three most common findings during an IT security examination are vendor management issues, a need for improved wire transfer controls, and necessary updates to risk assessments, says Phillip Hinkle, Chief IT Security Examiner for the Texas Department of Banking.
Recent hacks have uncovered security vulnerabilities that should have been addressed years ago. "These attacks are going to escalate," says Josh Corman of The 451 Group. But organizations can implement basic steps to make the hackers' job harder.
If you need one more reason to take additional steps to prevent health information breaches, here's something to consider. An attorney argues that if breaches, and their high costs, are not brought under control, "I think where we are headed is to an insurance crisis."
"This is yet another [incident] in what is turning into a major 'breach streak,' which will make all of us rethink what information security really means," says Mike Urban, senior director of fraud solutions for FICO.
Breaches will not slow anytime soon, and there's not much financial institutions and the payments chain can do to stop them. At this point, the best course of action for banks and retailers is to focus on damage control.
Some organizations hesitate to involve law enforcement in their breach investigations for fear that exposing the hack would cost them their reputations and money. A Justice Department contingent tells a gathering of lawyers why that impression is wrong.
"I'd like to make sure our recommendations fit with what the FFIEC is recommending, to continue to help us mitigate risk," says Michael J. Wyffels, SVP and CTO of QCR Holdings Inc. "But the hackers seem to continue to find new ways to exploit vulnerabilities."
Our 2011 survey exposes barriers preventing government IT security practitioners from doing their jobs effectively, identifies services and technology they need to safeguard IT and determines the comfort level they have with cloud computing.