New Cyber Security Assessment Framework from FFIEC and High-Profile
Security Breaches Will Lead to Shareholders Demanding Answers.
San Francisco, CA, USA (January 19, 2016) -- The year 2016 promises
to be the Year of Accountability as corporate boards have to address
serious questions about their companies' defenses against security
breaches and cybercrime. That's the prediction of Greg Reber, CEO of
AsTech Consulting, an 18-year-old cyber security consulting firm.
Reber warns that board members as well as chief executives are going
to be held more accountable by shareholders and regulatory agencies
for inattention to cyber security weaknesses.
Last year the Federal Financial Institutions Examination Council (FFIEC)
released a new cyber-security assessment tool to help financial
institutions move from a simple, "check-the-box" approach
to security assessment to a more risk-based methodology, including
specific milestones that boards have to meet at different maturity
levels. This marks a new era in financial institution security
oversight due to the specificity of the compliance framework. This
move by the FFIEC puts corporate boards on notice as well as chief
executives that cyber security is their responsibility.
"Data security breaches will continue to be more spectacular and more
costly to business," said Reber. "What is changing is the
demand for more accountability. In addition to requiring that high
level executives step down (such as the CEO of Target), we are going
to see more boards of directors held responsible for security
failures. Cyber security is a problem that will continue to escalate,
resulting from emerging technologies being applied to cybercrime
coupled with a lack of due diligence by senior management."
Reber notes that there are multiple reasons that 2016 will become a year of
increasing cyber security attacks:
1. Aging Internet applications - The World Wide Web is 23 years
old in 2016 and many of today's Web applications are built using
source code that was developed before security risks were understood.
These applications propagate security weaknesses unless they are
specifically addressed in the source code, or by other means.
2. The rush to introduce new technology - Emerging technologies
are creating new cyber security risks that are not well understood.
The Internet of Things (IoT), for example, is driving a rush to
market and many times cyber security is an afterthought. Adding
security to new technology later rather than making it part of the
initial development will leave 'seams' for security flaws.
3. Malicious ecommerce - Social media sites such as Facebook,
Twitter, and Pinterest have announced that they will be adding "buy"
buttons to their sites. While this may attract more users and promote
customer retention, it also will create new opportunities for
cyber-fraud and identity theft.
Conversely, the good news for the coming year is that better analytics with more
accurate predictive capabilities are coming to market every quarter.
It is becoming easier to identify where hackers are likely to strike
next, supplementing traditional enterprise security safeguards with
predictive analytics and analytics-driven security methods.
"We have better analytics and predictive capability to head off more
security problems, but companies still need to make cyber security a
priority before they have to pay for the consequences of a cyber
breach," added Reber. "It's more than a matter of adding
more security detection tools; companies have to scrub their
infrastructure to uncover legacy vulnerabilities. In the current
regulatory climate, vulnerability discovery and remediation is much
less expensive than paying the fines and legal fees, not to mention
equity losses, that follow a systems hack."
About AsTech Consulting
AsTech Consulting has been helping Fortune 1000 companies manage risk and
protect vital information assets since 1997. AsTech's technical team
are true security experts, providing a full suite of services focused
on risks to information including Vulnerability Discovery and
Remediation, Secure Development Training, Secure Development
Lifecycle Consulting, and Security Architectural Design.
For more information, visit http://www.astechconsulting.com.
Contact:
Tom Woolf
Public Relations Director, Gumas Advertising
415-259-5638