In a recent speech, Treasury Secretary Jack Lew called on the financial sector to step up efforts on cybersecurity. Lew cited recent events such as the Target data breach and over 250 attacks aimed at overwhelming the systems of banks and credit unions to emphasize the immediacy of the issue. Dangers lie not just in direct attacks, but also with attacks on vendors, where Lew noted that “an incursion at a strategic point along the network could lead to market disruption and massive harm.”
To help address these concerns, Lew pointed to a cybersecurity framework initiated through an executive order. While Lew believes that all financial services firms should use the framework, he also emphasized that firms should ensure that outside vendors apply the framework as well: “Just as you consider your counterparties when you take on financial risk, you should also consider your counterparties in the area of cyber risk.” Lew also called for business leaders to review response plans and to regularly review reports on threats faced by their organizations.
Fear of reputational risk has made businesses hesitant to reveal data breaches, but Lew encouraged greater collaboration between firms and government agencies. Lew cited the Financial Sector Cyber Intelligence Group, which was created by Treasury to provide timely alerts that financial institutions can use to stem attacks.