Tag Archives: ffiec

AsTech Consulting Security Expert Sees 2016 as “The Year of Board Accountability”

New Cyber Security Assessment Framework from FFIEC and High-Profile Security Breaches Will Lead to Shareholders Demanding Answers.

San Francisco, CA, USA (January 19, 2016) — The year 2016 promises to be the Year of Accountability as corporate boards have to address serious questions about their companies’ defenses against security breaches and cybercrime. That’s the prediction of Greg Reber, CEO of AsTech Consulting, an 18-year-old cyber security consulting firm. Reber warns that board members as well as chief executives are going to be held more accountable by shareholders and regulatory agencies for inattention to cyber security weaknesses.

Last year the Federal Financial Institution Examination Council (FFIEC) released a new cyber-security assessment tool to help financial institutions move from a simple, “check-the-box” approach to security assessment to a more risk-based methodology, including specific milestones that boards have to meet at different maturity levels. This marks a new era in financial institution security oversight due to the specificity of the compliance framework. This move by the FFIEC puts corporate boards on notice as well as chief executives that cyber security is their responsibility.

“Data security breaches will continue to be more spectacular and more costly to business,” said Reber. “What is changing is the demand for more accountability. In addition to requiring that high level executives step down (such as the CEO of Target), we are going to see more boards of directors held responsible for security failures. Cyber security is a problem that will continue to escalate, resulting from emerging technologies being applied to cybercrime coupled with a lack of due diligence by senior management.”

Reber notes that there are multiple reasons that 2016 will become a year of increasing cyber security attacks:

1. Aging Internet applications – The World Wide Web is 23 years old in 2016 and many of today’s Web applications are built using source code that was developed before security risks were understood. These applications propagate security weaknesses unless they are specifically addressed in the source code, or by other means.

2. The rush to introduce new technology – Emerging technologies are creating new cyber security risks that are not well understood. The Internet of Things (IoT), for example, is driving a rush to market and many times cyber security is an afterthought. Adding security to new technology later rather than making it part of the initial development will leave ‘seams’ for security flaws.

3. Malicious ecommerce – Social media sites such as Facebook, Twitter, and Pinterest have announced that they will be adding “buy” buttons to their sites. While this may attract more users and promote customer retention, it also will create new opportunities for cyber-fraud and identify theft.

Conversely, the good news for the coming year is that better analytics with more accurate predictive capabilities are coming to market every quarter. It is becoming easier to identify where hackers are likely to strike next, supplementing traditional enterprise security safeguards with predictive analytics and analytics-driven security methods.

“We have better analytics and predictive capability to head off more security problems, but companies still need to make cyber security a priority before they have to pay for the consequences of a cyber breach,” added Reber. “It’s more than a matter of adding more security detection tools; companies have to scrub their infrastructure to uncover legacy vulnerabilities. In the current regulatory climate, vulnerability discovery and remediation is much less expensive than paying the fines and legal fees, not to mention equity losses, that follow a systems hack.”

About AsTech Consulting
AsTech Consulting has been helping Fortune 1000 companies manage risk and protect vital information assets since 1997. AsTech’s technical team are true security experts, providing a full suite of services focused on risks to information including Vulnerability Discovery and Remediation, Secure Development Training, Secure Development Lifecycle Consulting, and Security Architectural Design.

For more information, visit http://www.astechconsulting.com.

Contact:
Tom Woolf
Public Relations Director, Gumas Advertising
415-259-5638
twoolf@gumas.com