Boston, MA – May 9, 2018 – Small and midsize banks must take appropriate steps to ensure that they have a business continuity plan in place. That was the message that Tom Curry, former Comptroller of the Currency, delivered to a group of Massachusetts bank executives today at a cybersecurity roundtable held by CyberFortis™ in Boston. “You have a business resumption issue that needs to be addressed. What happens if there is an interruption – what’s your contingency plan? Are you able to resume business within a time period that meets regulatory and customer expectations? This is probably where legislative action is going to be required and is probably the biggest policy issue out there.”
Curry, who as Comptroller was the top administrator of the federal banking system from 2012 to 2017, also previously served as a director of the Federal Deposit Insurance Corporation (FDIC) and the Commissioner of Banks for Massachusetts. He is now a partner at the Boston law firm Nutter. The longtime banking regulator said, “Cyber risk is always going to be with us. People have come to realize that this can affect the solvency of my institution, or it can destroy the reputation of my institution and the bond of trust I have with customers if core systems or customer data is damaged.”
The roundtable discussion was led by David Cotney, a former Massachusetts Bank Commissioner who is now executive vice-president and regulatory director for CyberFortis™, which provides cybersecurity consulting and services to the financial sector. Cotney and Curry also discussed the reliance of community banks on their core service providers and the challenges of working with FinTech companies. One of those challenges is the unwillingness of regulators to review the activities of FinTech or other third-party service providers. “Historically, regulators don’t want to pick winners and losers, and up until recently, they didn’t even want to talk to those third parties,” said Cotney. He indicated that many banks don’t want to take the risk of working with new core providers without greater certainty from their regulators, even if these companies offer greater security and lower costs.
Bank executives also heard from Sean Doherty, a former US Army Special Operations detachment commander and co-founder of Secure Halo, which has provided cybersecurity consulting and enterprise security assessment to the federal government and private sector for over a decade. Doherty emphasized that bank leaders must ensure their approach to cyber risk aligns with overall business objectives. “Cybersecurity is an organizational viability issue, not an IT issue,” he said. “Simply implementing hardware or software doesn’t address where risk may be coming from, such as insider threats, weak governance, or connected third parties.”
CyberFortis™ also launched its new white paper – “Beyond Compliance: Making Security a Business Strategy,” which explains the important difference between compliance and security and, offers a three-step approach to becoming more cyber mature.
Acting as the financial services division of enterprise security firm Secure Halo, CyberFortis™ builds on Secure Halo’s proven track record of providing state of the art cybersecurity services to the federal government, Fortune 500 companies, and leading global underwriters. Working together, CyberFortis-TSC brings best in class cyber services to community banks, large financial institutions, credit unions, FinTech companies, and other licensed financial services providers.