‘Growing Sophistication And Frequency Of Cyberattacks Is A Cause For Concern,’ U.S. Comptroller Of Currency Says
“The denial of service attacks that began in 2012 and continue today drew the attention of our largest financial institutions. While they have been only minimally disruptive so far, we know that these types of attacks are just one of the many cyber threats that our financial system faces. The growing sophistication and frequency of cyberattacks is a cause for concern, not only because of the potential for disruption, but also because of the potential for destruction of the systems and information that support our banks. These risks, if unchecked, could threaten the reputation of our financial institutions as well as public confidence in the system. The financial services industry isn’t alone in facing the threat of cyberattacks. Almost every business sector, from newspapers to power utilities, faces similar threats. But the financial services industry is one of the more attractive targets for cyberattacks, and, unfortunately, the threat is growing, for several reasons.” — Thomas J. Curry, U.S. Comptroller of the Currency, Sept. 18, 2013
Thomas J. Curry
At a speech in Washington today before the Exchequer Club, U.S. Comptroller of the Currency Thomas J. Curry said cyberattacks have the potential to disrupt operations at banks large and small and that the “threat is growing.”
Among the problems is that the costs of carrying out such attacks are going down, while the “resources needed to identify, monitor, and mitigate against vulnerabilities and potential attacks are increasing,” Curry said.
“First, hackers have easy access to the necessary tools and infrastructure,” Curry said. “The global nature of the Internet means they can conduct their activity from almost anywhere, including in countries with regimes that, at worst, sponsor attacks and, at a minimum, act as criminal havens by turning a blind eye toward criminal behavior.”
Speaking to the whack-a-mole nature of the Internet, Curry said criminals are apt to switch their focus from larger to smaller institutions as the larger institutions bolster their security.
“As our largest institutions improve their defenses, it is very likely that hackers will turn their attention to community banks,” he said. “These smaller institutions can provide a point of access into the system, and they may have less sophisticated defenses than large banks. For the most part, they depend upon third-party providers for their IT services, including security. That’s understandable, but they still have to be able to assure themselves that these service providers have adequate controls and solid processes in place to protect them and their customers. This can be particularly problematic for community banks and thrifts that may not have the resources or specialized expertise needed to identify and mitigate these vulnerabilities.
“So, we’re devoting more resources to cybersecurity — at all of our institutions, but especially at community banks and thrifts,” he said.
Read Curry’s remarks as prepared for delivery today.
Also see Oct. 25, 2012, PP Blog story on cybersecurity remarks by Lisa Monaco, then Assistant Attorney General for National Security. Monaco is now President Obama’s chief counterterrorism adviser.
In 2011, U.S. Attorney General Eric Holder said a “staggering volume” of money was being stolen online.
