International communication and public-private partnerships are the keys to cybersecurity in the financial space, according to the Department of Homeland Security and the Financial Services - Information Sharing and Analysis Center.
Philip Reitinger's appointment as Sony's first chief information security officer comes more than four months after a massive breach of Sony's PlayStation gaming system that exposed the personal identifiable information of some 77 million customers.
"I don't think there's any connection [to] the investments banks will make in fraud prevention," says Doug Johnson of the ABA. "It's not about making budget cuts; it's about protecting the customer relationship and ensuring security."
The fight against cyberattacks is a top priority for financial institutions, and industry insiders are optimistic about President Obama's plan to thwart cyberattacks that lead to corporate account takeover and other forms of fraud.
Jeff Kopchik of the FDIC says too much emphasis on what's "missing" from the FFIEC's new guidance detracts from regulators' intent: providing financial institutions with a guideline for securing online transactions.
"The FFIEC guidance does a good job of addressing today's and yesterday's threats and suggested techniques, but it is not sufficiently forward-looking," says Gartner's Avivah Litan. "Two years from now, the guidance will be sorely out of date."
The Federal Financial Institutions Examination Council has formally released the long-awaited update to its "Authentication in an Internet Banking Environment" guidance. The new directives take effect January 2012.
Greg Rattray, VP of Security at BITS, says we can't necessarily stop the spread of dangerous malware like Zeus, but banking institutions can do a better job of mitigating the risk and damage that follow such an attack.
No one is really sure when the FFIEC's new authentication guidance will be issued, but we do know banking institutions can't afford to wait. Hence, our new FFIEC Authentication Guidance Resource Center.