New York State Department of Financial Services Superintendent Benjamin Lawsky is “very likely” to levy new cyber-security rules on the banking and insurance industries following such high profile breaches at JP Morgan Chase and Anthem.
For years state and federal regulators have have gone back and forth on whether “to require companies to go beyond the simple user name and password identity checks required to access many computer networks at the heart of America’s financial system.” Preliminary reports of the Anthem breach show that foreign hackers used an executives username and password to gain access to the personal records of 80 million people.
Although Anthem has invested a great deal of money in cyber defenses, “officials say initial investigations suggest the theft could have been averted if the company had embraced tougher methods for verifying the identity of those trying to access its systems.” This problem does not seem to be unique to Anthem, a recent New York State Department of Financial Services study found that, “while many big health, life and property insurers boast robust cyber-defenses, including encryption for data transfers, firewalls, and anti-virus software, many still rely on relatively weak verification methods for employees and consumers, and have lax controls over third-party vendors that have access to their systems and the personal data contained there.” Time Magazine has the whole story.