WASHINGTON—A top federal regulatory official is urging more financial institutions to implement multifactor authentication for all nonpublic systems.
In remarks to an audience of financial executives, Michael Hsu, acting Comptroller of the Currency, said the majority of breaches could be avoided or mitigated through basic cybersecurity controls, Bank Info Security reported.
The frequency and severity of attacks against financial institutions have mounted over the past years, said Hsu, according to the report. A majority of financial system breaches observed by the OCC boil down to failures in strong authentication, unpatched systems and poor response or resilience, he said.
“Security practitioners have long touted multifactor authentication - in which anyone logging onto a system must present additional evidence of legitimacy besides a password, such as a one-time code - as an essential element of cybersecurity. Especially when tied to a hardware fob, multifactor makes it significantly harder for hackers to penetrate systems,” Bank Info Security explained.
Guidance Provided
A pan-federal financial sector regulatory agency group last August published guidance emphasizing the importance of multifactor authentication, the publication added.
Hsu also told the audience that unpatched or misconfigured systems follow compromised credentials as the most common contributing factor to data breaches. "Malicious actors are very familiar with the security settings of commonly used software products," he said, according to the Bank Info Security account.
Financial institutions should also be prepared to respond to an attack, including through systems for backed up data that are kept offline, Hsu stated.
"Even relatively unsophisticated attacks can cause significant damage and disruption under the right conditions," he said.
The Very Best in CU Reporting. For You. For Free. Or Your Money Back.
Don’t forget to check your Spam/Junk email folder if you haven’t been receiving your free, popular and daily CUToday.info news headlines.
And if you haven’t yet signed up for the new email solution on which CUToday.info has partnered with ResponseGenius, you can do so here. Signing up requires less than one minute of your time.
CUToday.info has received very positive response from readers following the move to an improved provider of the daily headlines, but many also noted they did need to go to their Spam/Junk folder and mark it as safe.
The new email solution has not only improved every reader’s delivery experience, but it also features a fresh, new format that is easy to read, especially on mobile devices.
Please note and/or make your IT department or email administrator aware the emails will be coming from the domains CUTodayinfo.com and CUTodayinfoReply.com.