Authentic8 Blog Author: John K. Klassen

John is Product Marketing Manager at Authentic8.

Financial Services: How to Minimize Vendor Risk Online in One Step

Here’s a quick tip for CISOs and compliance officers in banks, credit unions, investment or wealth management firms who worry about cybersecurity threats that emanate from vendors and third-party apps:

Disconnect from the web.

Sounds radical? You may be surprised to learn that this process is well underway in some of America’s largest banks and investment firms. Let me explain.

IT security researchers agree that almost 80 percent of data breaches and malware incidents are web-borne and in some way browser-related. The regular browser has become the main gateway for attacks on the local IT infrastructure of firms (not only) in the financial sector.

Locally installed browsers – including those labeled “secure” by their makers – indiscriminately process all code from the web on the user’s computer or mobile device. The browser opens the door for data exfiltration and for malicious code to infiltrate the corporate network, for example through infected vendor websites or compromised third-party business apps.

The finance sector’

Financial Services: Blindspot Browser

For regulated investment firms, the SEC’s Office of Compliance Inspections and Examinations (OCIE) has prioritized “cybersecurity with an emphasis on, among other things, governance and risk assessment, access rights and controls, data loss prevention [...] and incident response.”

While firms have significantly strengthened their compliance policies, their actual practices still reveal alarming gaps. Behind closed doors, compliance leaders in many firms I get to speak to admit that they lack the tools to sufficiently monitor, audit, and enforce employee web use policy.

Regulators expect firms to make a “reasonable” attempt to ensure oversight and remediate areas of weakness. So what’s getting in the way?

Securities and Exchange Commission (SEC)

The Web - Asset or Liability? It Depends On the Browser.

Whether research analysts or investment managers use business apps or social media, they rely on the locally installed web browser as their primary tool. It is the very same tool that increasingly leaves firms exposed to risks of data breaches and compliance violations online.

In a