Data Breaches in Financial Institutions: What Firms Need to Know in 2015
Overview:
Recently, cyber attacks on large banks have garnered attention from financial institutions and security professionals. The US Federal Bureau of Investigation is reviewing evidence of a significant and serious data breach of the US financial system with a principal focus upon JP Morgan Chase & Co. Russian hackers are suspected of the highly sophisticated cyber attack.
Every organization is at risk of a cyber-attack and, today credentials are the principal focus for cyber attacks. Many organizations now must detect compromised credentials and risky user behavior. Use of cloud services and mobile devices increases the vulnerability of organizations and individuals to attacks that rely on deception and stealth. Attackers need less a day or less, but incident responders take more than a month to detect, investigate, and control an attack. Despite claims of success against cyber attack, current firewalls, intrusion prevention systems, anti-virus programs, and web gateways fail to stop targeted APT attacks and sophisticated malware. Most systems rely too heavily on signatures, penetration patterns, and reputations to be effective at accurately identifying and blocking advanced and focused cyber attacks. Urgently, new methods are needed to identify and prevent cyber attacks.
The Knowledge Group has assembled a panel of key thought leaders to provide the audience with an in-depth analysis of Data Breaches in Financial Institutions, the serious risks, and identification and control methods. The speakers will help attendees understand the basics of developing a robust security program.
Key topics include:
- Data Breaches of Financial Institutions
- Types of Data Breaches
- Cyber Attack Consequences for Banks, and Financial Authorities
- Best Practices to Avoid Attacks and Data Breaches
- Legal and Financial Risks and Pitfalls
Agenda:
Paul Hastings LLP
- The Office of the Comptroller of the Currency ("OCC") -- the primary federal regulator of national banks and thrifts -- has highlighted cyber-threats as a key operational risk for institutions under its supervision. As the OCC has indicated that it does not plan to address this risk through the creation of new regulations, the agency has emphasized its expectation that the financial institutions under its supervision must reexamine and redevelop their own risk management systems to address increasingly sophisticated threats to customer data.
- Subsequent interagency guidance has clarified regulators' expectations for protecting customer information. As such, financial institutions are expected to implement complex and effective systems to identify threats to customer information, design effective security controls responsive to these threats, and establish a response program to be implemented in the case of a security breach.
- Interagency guidance emphasizes that the creation of a risk management system to address cybersecurity risks is alone not sufficient to meet information security standards -- regulators require routine testing of security controls, monitoring of third party service providers, and establishing appropriate corporate governance protocols.
- The cyberattack on JP Morgan detected in October of 2014 highlighted the vulnerabilities of banks' information security systems and the need for increased "cybercontrol"-- stringent monitoring of third party vendors on whom banks rely to safeguard customer data.
- The prevalence of mobile payments and the emergence of new mobile payment platforms present new challenges for institutions seeking to safeguard customer data, requiring the creation of more sophisticated systems and new protective technologies.
O'Melveny & Myers LLP
- The financial services industry, as part of the nation’s critical infrastructure, is a prime target for cyber criminals. These criminals are using a wider array of attack methods than ever before, and the speed of attacks is increasing. The potential costs to financial institutions are enormous and varied. They can include financial costs, reputational costs, litigation costs, and regulatory enforcement consequences. As such, companies should take proactive measures to protect themselves, their shareholders, and their customers.
- The federal government has amplified and sharpened its focus on cybersecurity. The major regulatory agencies, especially the FTC and the SEC, have intensified their enforcement actions, scrutinizing companies who fail to protect their customers’ data and privacy. Law enforcement agencies including the FBI and the Secret Service are working harder than ever to combat cyber-attacks, and financial services companies will likely work with them in the event of a breach. And cybersecurity is a hot topic of Congressional debate and executive action by the President.
- As much focus as there has been on cybersecurity in Washington D.C., there are a number of large unresolved policy issues subject to intense debate. They include questions around providing liability protection to companies who share information with the government and others about breaches of their security, crafting a national data breach notification standard, and ways to protect consumers’ privacy.
- There is both cooperation and tension between the financial services industry and retailers in the area of cybersecurity, from where the biggest security gaps exist, to how those gaps should be closed, to who bears responsibility for closing them.
- There are a number of best practices financial services companies can use to manage cybersecurity risks to prevent a security breach as well as to respond effectively in the event of a such a breach.
Who Should Attend:
- Privacy Law Attorneys
- Chief Compliance Officers
- Risk and Compliance Managers
- Bank Compliance Officers
- Data Security Professionals
- Bank and Financial Institution Executives
- Fraud Monitoring
- Bank Regulation Lawyers
- Banking & Finance Lawyers
Kevin L. Petrasic is a partner in the Global Banking and Payments Systems practice of Paul Hastings and is based …
Danielle Gray is a litigation partner in O’Melveny & Myers LLP’s New York and Washington, DC offices. She provides counseling …
Course Level:
Intermediate
Advance Preparation:
Print and review course materials
Method of Presentation:
On-demand Webcast (CLE)
Prerequisite:
NONE
Course Code:
145106
NASBA Field of Study:
Specialized Knowledge of Applications
NY Category of CLE Credit:
Areas of Professional Practice
Total Credits:
2.0 CLE
2.0 CPE (Not eligible for QAS (On-demand) CPE credits)
Login Instructions:
No Access
You are not logged in. Please Login or register to the event to gain access to the materials and login instructions.
Unlock All The Knowledge and Credit You Need
Leading Provider of Online Continuing Education
It's As Easy as 1, 2, 3
Get Your 1-Year All Access Pass For Only $199
SPEAKERS' FIRMS:
About Paul Hastings LLP
Paul Hastings provides innovative legal solutions to many of the world’s top financial institutions and Fortune 500 companies in markets across Asia, Europe, Latin America, and the United States. we offer a complete portfolio of services to support our clients’ complex, often mission-critical needs—from structuring first-of-their-kind transactions to resolving complicated disputes to providing the savvy legal counsel that keeps business moving forward.
Our Global Banking and Payment Systems team brings together the knowledge, experience, and insight to guide clients through today’s evolving regulatory landscape. We represent our clients before every U.S. federal banking agency and many state banking agencies in matters involving regulatory initiatives, regulatory legislation, and enforcement actions, as well as before the Financial Services Authority in the U.K.
Website: https://www.phglobalfinancial.com/
About O'Melveny & Myers LLP
With approximately 750 lawyers in 15 offices worldwide, O’Melveny & Myers LLP helps industry leaders across a broad array of sectors manage the complex challenges of succeeding in the global economy. We are a values-driven law firm, guided by the principles of excellence, leadership, and citizenship. Our commitment to these values is reflected in our dedication to improving access to justice through pro bono work and championing initiatives that increase the diversity of the legal profession. For more information, please visit www.omm.com.
Website: https://www.omm.com/