Archive 360 Email Archive Migration Blog

Banking in A Cyber Secure World - New US Regulations Are Coming

Posted by James McCarthy, Esq. on October 24, 2016

Blog10242016.jpgThis title is a misnomer to anyone conversant with cybersecurity reality. Cybersecurity legend John McAfee may have said it best in reference to every company’s online data assets;

we live in a very insecure world with a very insecure communications platform… (and) I cannot conceive of how more than 1% of us could possibly survive a cyberwar.” 

For those that still believe their online banking data is immune from such realities, consider another cybersecurity expert James Lewis’ sobering assessment;

hacking is a major threat to the stability of the financial system...”[1]  

Against this backdrop, it is not surprising that the bank-auditing firm of KPMG reported in July that more than 75% of financial institutions admit to being breached in the past two years and that one third of consumers report their personal accounts being compromised.[2] Somewhat surprising is that the United States Federal Reserve itself has been hacked more than 50 times in the last five years[3] and the FDIC has been hacked by the Chinese government. [4] 

US regulators are moving quickly to require major banks to establish a fail-safe system that would safeguard customer account information for the apparent inevitability of a data breach. This week, the Federal Reserve Board, the US Comptroller of the Currency, and the FDIC has published a set of proposed guidelines for banks with $50B or more in assets.[5]  Given the impossibility of creating a genuine cybersecure environment online, the new regulations strongly suggest a “secure, immutable, offline storage of records[6] relating to things like loan data and account records.  In this case “immutable” means unchangeable or un-editable. Financial institutions such as brokers/dealers have had to meet this requirement for decades.

The draft rules would further require banks have the capacity to recover from a disruptive cybersecurity attack within just two hours![7]

So, long story short, most major US banks will require a complete and continually updated offline copy of its records that can be accessed quickly, within a few hours of major online data breach. The bottom line is understanding where compliance rules are moving towards and planning for the changes is axiomatic; how to get there may not be so obvious.

About Archive360

Archive360 is the market leader in archive migration software, successfully migrating more than 12 petabytes of data for more than 500 organizations worldwide since 2012. The company’s flagship product, Archive2AnywhereTM, is the only solution in the market purpose-built to deliver consistently fast, trouble-free, predictable archive migrations, with verifiable data fidelity and defensible chain of custody reporting.

Archive360’s newly released Archive2AzureTM solution is the industry’s first regulatory compliance and grey data storage solution based on the Microsoft Azure platform. Archive360 is a global organization and delivers its solutions through a network of specialist partners. Archive360 is a Microsoft Cloud Solution Provider and the Archive2Azure solution is Microsoft Azure Certified.  

Archive360 has successfully migrated data for many institutions including a major a top 10 North American bank where we successfully migrated 450 terabytes of data. Stated simply, Archive360 has the tools and the experience to achieve your bank’s compliance with the new banking regulations quickly and cost effectively. The first step is to contact us for a no obligation demo of the software.     

Notes

[1] James Lewis is a cybersecurity expert at the Center for Strategic and International Studies, Washington DC and was hired by Reuters to inspect the files it obtained from the FOIA request made to the Federal Reserve;

[2] https://home.kpmg.com/us/en/home/media/press-releases/2016/07/nearly-4-in-10-consumers-say-their-bank-accounts-have-experienced-cyber-attacks-kpmg-report.html; See also, KPMG report Consumer Loss Barometer: Banking & Financial Services Cybersecurity at https://info.kpmg.us/consumer-loss-barometer/financial-services.html

[3] See; https://www.theguardian.com/business/2016/jun/01/federal-reserve-hackings-cybersecurity-espionage andhttp://www.reuters.com/article/us-usa-fed-cyber-idUSKCN0YN4AM

[4] http://money.cnn.com/2016/07/13/technology/china-fdic-hack/; See also July 12, 2016, report by US Congressional Committee of Science, Space, And Technology Investigation of FDIC’s Cybersecurity at  https://www.documentcloud.org/documents/2992789-Final-GOP-Interim-Staff-Report-7-12-16.html ;

[5] See Enhanced Cyber Risk Management Standards 12 CFR 364, published by the US Department of Treasury, Federal Reserve System, and FDIC, October 19,2016 at https://www.fdic.gov/news/board/2016/2016-10-19_notice_dis_a_fr.pdf?source=govdelivery&utm_medium=email&utm_source=govdelivery ;

[6] Id at p. 38;

[7] Id at p. 41;

Request a Demo of Archive2Anywhere

Topics: Cybersecurity, Banking, Regulations

Subscribe to Our Blog