WASHINGTON – American financial institutions face a greater threat from cyberattacks because of a shortage of high-tech professionals and poor coordination between the government and private sector on how to deter hackers, executives say.
Financial services industry leaders and members of the Senate Banking Committee noted that cyberattacks are on the rise and are a continuing threat to the industry.
Sen. Catherine Cortez Masto, a Nevada Democrat, identified a “proliferation of cyberthreats we hadn’t contemplated 10 years ago” when it comes to protecting consumers. She noted two shortages in cybersecurity — in the workplace among IT professionals and an information shortage among consumers and banks due to a lack of coordination and education.
“No organizations, large or small, public or private, are immune to this threat,” said Bob Sydow, EY Americas cyber leader.
Sidnow said the financial institutions deal with so many different cyber risks that it’s a struggle to find secure, experienced cyber professionals. In the end, many institutions have to hire outside experts — highly trained IT professionals known as examiners — to handle attacks.
“It’s a matter of resources — larger organizations can afford to staff and recruit talent you need in the cybersecurity department with the focus on technology,” he said. “A smaller bank has access to cybersecurity resources they wouldn’t have if they tried to do inhouse or on their own.”
To increase the availability of cybersecurity professionals within the industry, Sydow suggested expanding the pool of IT professionals, specifically women and people of color, through educational programs in science, technology, engineering and math — STEM – in colleges. Sen. Sherrod Brown, an Ohio Democrat, echoed this call.
Brown, who is the top Democrat on the committee, asked the witnesses about the effect of President Donald Trump’s decision last week to eliminate the White House cybersecurity coordinator position on the federal government’s fight against cyberattacks.
“We need to drive better coordination against all parts of the federal government that have a role in cyber security,” said J. Michael Daniel, president of a nonprofit called the Cyber Threat Alliance that is composed of vendors including Cisco Systems CSCO, -0.05% , McAfee , Palo Alto PANW, -0.08% and Symantec SYMC, +0.05% . “Having a strong role at the White House is a real necessity.”
In what he called a “a shared responsibility,” Daniel called for “integration” across all levels of the federal government, including the State, Justice, Defense and Homeland Security departments, to prepare a defense against cyberattacks.
Sen. Mike Rounds, a Republican from North Dakota and chairman of the Subcommittee on Cybersecurity, said the U.S. “needs a strong offense deterrent similar to nuclear deterrent” in keeping people out of critical U.S. infrastructure.
In addressing the lack of framework among financial institutions to help identify whether they are equipped to handle a cyberbreach, Sen. Jack Reed, a Rhode Island Democrat., said he and several other senators have proposed legislation require public companies to identify their cybersecurity expert and to inform shareholders and the public of their level of preparedness.