Mandatory 36-Hour Breach Reporting Window for U.S. Banks

Banks required to notify

In November of 2021, the Agencies, comprising the Federal Deposit Insurance Corporation (FDIC), the Office of the Comptroller of the Currency (OCC), and the Federal Reserve Board (FRB), passed a regulation that requires banks to notify regulators no more than 36 hours after they identify that a security incident (one that rises to the level of a “notification event”) has taken place. The regulation required full compliance by May 1, 2022. FDIC-supervised banks will report incidents to their case managers, while banks that are regulated by the Board of Governors of the Federal Reserve System will need to inform the board.

The Agencies explain, though, that not every data security incident is a notification event. According to the rule, a computer-security incident is “an occurrence that results in actual harm to the confidentiality, integrity, or availability of an information system or the information that the system processes, stores or transmits. An incident requiring subsequent notification is defined as a ‘computer-security incident’ that has disrupted or degraded a banking organization’s operations and its ability to deliver services to a material portion of its customer base and business lines”.

Business Impact

While this requirement from the FDIC, OCC, and the FRB is new, most banks have already been using a 72-hour protocol for reporting. But with an even tighter timeline, banking corporations are going to have to ensure they’re reporting accurate information. Roger Grimes of KnowBe4 explains that in the rush to report quickly, more corporations will probably report inaccurately, which increases the liability risk. Banks will need to first identify if a notification event has taken place, and if they determine that’s the case, they have 36 hours from then to report.

Security Impact

Financial institutions are the backbone of the U.S. economy, according to Marcus Fowler, senior vice president of strategy engagements and threats at cybersecurity AI firm Darktrace, and are one of the most targeted sectors for cybersecurity threats. By establishing a tight window for breach reporting, banks can help restrict the scale of an attack and minimize the impact, protecting the “backbone” of our economy. Attackers try to harm as many victims as possible before defenders can address the issues, so the speed of reporting is vital in combating these cyber attacks.

Take Action

  1. Review the FDIC’s examples of notification events and set up parameters around what is and what isn’t a notification event
  2. Review incident response and business continuity plans to ensure compliance with the new reporting requirement

Recommendations

Lightstream recommends reviewing the new requirements and examining current policies and processes to ensure you’re compliant. Prioritize security by identifying what is a security incident and if that incident is a notification event. Use a comprehensive vulnerability management program to protect your banking corporation. We can help. Our full-stack vulnerability management programs keep you ahead of emerging threats and attackers.


Take the Complexity out of Securing your Public Cloud Environments

There’s no doubt that migrating assets to the cloud brings a multitude of benefits. Improved availability and increased agility, scalability and IT flexibility are just a few. But what about the risks? When security is architected and designed into the cloud platform, the risk can be significantly less than that of traditional infrastructure. Unfortunately, when cybersecurity is not a design-time consideration, the results can be catastrophic.

The agility that allows IT organizations to rapidly build and scale environments is a phenomenal asset to business, but it can be one of its greatest vulnerabilities if not managed. Attackers go where the value is – so as business puts more and more sensitive data into the public cloud, it makes sense that attackers make public cloud their primary target. Configuration errors – in both known and unknown cloud assets – are a primary source of cyber security and compliance failures. Configuration errors give attackers a potential way in, and can lead to intellectual property theft, or breach of confidential information, or even a full environment compromise. Rather than having to develop exploits and probe organizations for weaknesses, configuration errors often provide exposed administrative capabilities, open access to sensitive data, or allow systems to attack each other without monitoring or protection.

The problem is that configuration errors in the public cloud are made at cloud scale and speed. This means that potentially hundreds of data stores, privileged accounts or services can be exposed in seconds. The challenge for security professionals is to address the growing complexity and security challenges without adding further complexity to the equation. The good news for security professionals is that there is a wealth of tools out there that can help.

Prisma® Cloud from market leader Palo Alto Networks is a best-of-breed cloud security solution that many of the world’s top enterprises rely on to secure their highly complex, multi-cloud environments. The popularity of Prisma Cloud is driven by the low-complexity dashboard providing a complete set of features such as multi-cloud analysis, automated remediation, and contextual understanding of systems, applications and users. It provides complete visibility and control over public-cloud based risks within Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), Oracle Cloud Infrastructure (OCI) and Alibaba Cloud infrastructures.

The fact that 74% of Fortune 100 companies rely on the proven capabilities of Prisma Cloud means it will be able to support your environment as well. But even with such cutting-edge technology available to secure their cloud environments, IT and cybersecurity professionals are still faced with the arduous task of managing the workload the platform produces. Managing identified vulnerabilities, analyzing detected anomalies, ensuring compliance with appropriate frameworks and configuring runtime defense in heterogeneous environments on a day-to-day basis requires expertise and staffing – something companies big and small struggle with. A significant number of exhausted security leaders are turning to companies like Lightstream to operationalize, manage and optimize their Prisma Cloud platforms in their public cloud environments for this very reason.

Build Resiliency and Lower Cloud Risk

As a Palo Alto Networks Global Cloud Partner, Lightstream has the world-class expertise you need in a managed security provider. Together, Palo Alto Networks and Lightstream can help you accelerate your move to the cloud by delivering consistent, automated protections across multi-cloud deployments that prevent data loss and defend against business disruption.

Lightstream’s Cloud Defense built on Prisma Cloud provides customers like you with continuous monitoring, detection and incident response for their public cloud environments. Our team of security experts begins by working to baseline your cloud environment, creating recommendations, and remediating urgent issues, then monitoring your environment against the new guardrails. When security issues arise, we’re there to help with critical incident response services from security professionals and cloud architects and engineers. While other providers call that good enough, we don’t stop there. Lightstream is different in that we staff industry-certified cloud security architects to continuously advise and improve the security of your public cloud throughout the lifecycle.

And with our Quickstart program, this isn’t a long, drawn-out process. Lightstream can help take you from initial assessment of your existing cloud environment to the design of a customized managed services plan to a fully optimized and managed cloud environment within 30 days. From there, you’ll have all the benefits of 24/7/365 monitoring and management via a single point of contact at Lightstream.

It’s time to mitigate your business’s cloud security risks and de-complicate the management of its infrastructure. Contact Lightstream today to find out how Palo Alto Networks’ Global Cloud Partner of the Year for two consecutive years can help take the burden and complexity out of protecting and optimizing the security of your organization’s public cloud environments.