The International Business Times is reporting that Benjamin Lawsky, New York State’s top bank cop, surveyed 40 banks and found that fewer than half regularly inspect the security systems of their outside vendors. Both the Target and Home Depot breaches were caused by compromised third-party vendors.
Regulators are concerned that light oversight of banks’ vendors, who are connected to the banking network, could have grave consequences, and that hackers could cause a systemic meltdown.
Lawsky’s office is developing guidelines around bank vendor security practices. While he did say that banks are not to blame for a rapidly changing cybersecurity landscape, he also said that European banks are doing a better job of securing third-party relationships than U.S. banks are.
Translating that – expect more regulations in the area of third party connections.
While Lawsky’s office only regulates banks, brokerage firms and insurance companies, and only those licensed to do business in New York State, he is often a canary in the coal mine for other regulators.
Even if you do not fall under Lawsky’s supervision, now is probably a good time to review your organization’s practices regarding third party relationships. It is a small step from a hacked vendor to your organization being hacked.