Independent Banker - July 2017 - 65
cloud and the " shallowness of the talent
pool " in cybersecurity expertise.
" There is no 'cloud'; it's just someone
else's computer, " Olson points out.
" When you look at community banks
and their back-end operators ... even
if they haven't been hit already, they
have a big bullseye on their backs. "
Phil Agcaoili, chief information
security offi cer for Elavon, a global
provider of payment processing solutions
and a subsidary of U.S. Bancorp,
likens this particular cybersecurity
risk to public health concerns. " If
there's a weak person, or a weak organization,
any weak link in the chain,
that is where concerns will strike and
spread, " he says.
All banks at risk
This uptick in third-party risk is
not specifi c to community banks; it
concerns all banks, according to Joan
McGowan, senior industry analyst
for consultancy Celent. " This is forcing
banks to treat all third parties as
they would treat their own [internal]
operational risk, " she says. " To consider
human resource management,
resilience, risk activity levels and
metrics, insurance coverage, technology
infrastructure and operational
adequacy of subcontractors, all this is
up for question now. "
Joseph Zazzaro, senior vice president
and chief information offi cer
for the $2 billion-asset PeoplesBank
of Holyoke, Mass., points out, " With
so many partnerships with hosted
solutions now becoming the normal
operating environment for banks, we
have to rely on outside audits, SOC
[security operations center] reports
and other information to help ensure
that these third-party vendors are
doing their due diligence when offering
services. "
PeoplesBank requires SOC and/
or SSAE16 (auditing standards for
service organizations developed by
the American Institute of Certifi ed
Public Accountants), reports on every
third-party vendor. " They provide the
details of their best practices, including
background checks and facility
access, " Zazzaro says. " One of the best
things you can do is visit a vendor site
and see for yourself. "
In December 2016, Thomas
Curry, then head of the OCC, not
only named cybersecurity as the
single greatest systemic threat to our
fi nancial system; he also cited the
tremendous growth of fi ntech companies
as a major strategic risk.
It's clearly not an issue that can be
swept under the carpet. But what are
community banks, short on resources
and staff, to do?
Wes Bjorklund, senior director
at Cornerstone Advisors, says
community banks should focus on
vetting and reviewing vendors that
have " non-escorted or unsupervised
access " to their facilities, as well as
those third parties that have network
access to a bank's computer systems.
" That's where you have to rely on a
variety of safeguards and controls, "
he says. While Bjorklund maintains
The party's over
Four major third-party data breaches
Who: Target
When: November-December 2013
What: 40 million customer payment
details
How: Hackers infi ltrated Target's
data systems through its HVAC
contractor.
What happened next? Target
agreed to various settlements
with card issuers, banks and
customers, which cost it more
than $148 million in damages.
Target stock prices took a hit,
customers became skeptical of
the retail giant's security and the
CEO stepped down in 2014. In 2015,
Target invested in chip-and-PIN
terminals and chip cards for all
REDcard customers.
Who: Wendy's
When: October 2015
What: Customer payment details
at 1,025 locations
How: Malware compromised the
fast-food chain's third-party pointof-sale
providers.
What happened next? Wendy's
faced class-action lawsuits due
to its " inadequate approach to
data security, " and its stock price
tumbled in 2016.
Who: U.S. Bancorp
When: May 2016
What: Sensitive employee
information
How: Fraudsters compromised U.S.
Bank's payroll provider, ADP.
What happened next? The ADP
breach aff ected a dozen other
companies, and its shares dropped.
About 2 percent of U.S. Bank
employees were aff ected, and a
class-action lawsuit for tax fraud
was fi led against ADP.
Who: Netfl ix
When: April 2017
What: Hackers claim to have stolen
unaired episodes of Orange is the
New Black.
How: System breach of postproduction
company Larson Studio.
What happened next? The hackers
threatened to release the show
before its release date unless a
ransom was paid. An FBI investigation
is underway.
-Sara Schlueter
independentbanker.org
ICBA IndependentBanker 65
http://www.qmags.com/clickthrough.asp?url=www.independentbanker.org&id=20303&adid=P65E1
Independent Banker - July 2017
Table of Contents for the Digital Edition of Independent Banker - July 2017
Table of Contents
Independent Banker - July 2017 - Intro
Independent Banker - July 2017 - Cover1
Independent Banker - July 2017 - Cover2
Independent Banker - July 2017 - Table of Contents
Independent Banker - July 2017 - 2
Independent Banker - July 2017 - 3
Independent Banker - July 2017 - 4
Independent Banker - July 2017 - 5
Independent Banker - July 2017 - 6
Independent Banker - July 2017 - 7
Independent Banker - July 2017 - 8
Independent Banker - July 2017 - 9
Independent Banker - July 2017 - 10
Independent Banker - July 2017 - 11
Independent Banker - July 2017 - 12
Independent Banker - July 2017 - 13
Independent Banker - July 2017 - 14
Independent Banker - July 2017 - 15
Independent Banker - July 2017 - 16
Independent Banker - July 2017 - 17
Independent Banker - July 2017 - 18
Independent Banker - July 2017 - 19
Independent Banker - July 2017 - 20
Independent Banker - July 2017 - 21
Independent Banker - July 2017 - 22
Independent Banker - July 2017 - 23
Independent Banker - July 2017 - 24
Independent Banker - July 2017 - 25
Independent Banker - July 2017 - 26
Independent Banker - July 2017 - 27
Independent Banker - July 2017 - 28
Independent Banker - July 2017 - 29
Independent Banker - July 2017 - 30
Independent Banker - July 2017 - 31
Independent Banker - July 2017 - 32
Independent Banker - July 2017 - 33
Independent Banker - July 2017 - 34
Independent Banker - July 2017 - 35
Independent Banker - July 2017 - 36
Independent Banker - July 2017 - 37
Independent Banker - July 2017 - 38
Independent Banker - July 2017 - 39
Independent Banker - July 2017 - 40
Independent Banker - July 2017 - 41
Independent Banker - July 2017 - 42
Independent Banker - July 2017 - 43
Independent Banker - July 2017 - 44
Independent Banker - July 2017 - 45
Independent Banker - July 2017 - 46
Independent Banker - July 2017 - 47
Independent Banker - July 2017 - 48
Independent Banker - July 2017 - 49
Independent Banker - July 2017 - 50
Independent Banker - July 2017 - 51
Independent Banker - July 2017 - 52
Independent Banker - July 2017 - 53
Independent Banker - July 2017 - 54
Independent Banker - July 2017 - 55
Independent Banker - July 2017 - 56
Independent Banker - July 2017 - 57
Independent Banker - July 2017 - 58
Independent Banker - July 2017 - 59
Independent Banker - July 2017 - 60
Independent Banker - July 2017 - 61
Independent Banker - July 2017 - 62
Independent Banker - July 2017 - 63
Independent Banker - July 2017 - 64
Independent Banker - July 2017 - 65
Independent Banker - July 2017 - 66
Independent Banker - July 2017 - 67
Independent Banker - July 2017 - 68
Independent Banker - July 2017 - 69
Independent Banker - July 2017 - 70
Independent Banker - July 2017 - 71
Independent Banker - July 2017 - 72
Independent Banker - July 2017 - Cover3
Independent Banker - July 2017 - Cover4
https://www.nxtbook.com/mspc/independentbanker/october2024
https://www.nxtbook.com/mspc/independentbanker/september2024
https://www.nxtbook.com/mspc/independentbanker/august2024
https://www.nxtbook.com/mspc/independentbanker/july2024
https://www.nxtbook.com/mspc/independentbanker/june2024
https://www.nxtbook.com/mspc/independentbanker/may2024
https://www.nxtbook.com/mspc/independentbanker/april2024
https://www.nxtbook.com/mspc/independentbanker/march2024
https://www.nxtbook.com/mspc/independentbanker/february2024
https://www.nxtbook.com/mspc/independentbanker/january2024
https://www.nxtbook.com/mspc/independentbanker/december2023
https://www.nxtbook.com/mspc/independentbanker/november2023
https://www.nxtbook.com/mspc/independentbanker/october2023
https://www.nxtbook.com/mspc/independentbanker/september2023
https://www.nxtbook.com/mspc/independentbanker/august2023
https://www.nxtbook.com/mspc/independentbanker/july2023
https://www.nxtbook.com/mspc/independentbanker/june2023
https://www.nxtbook.com/mspc/independentbanker/may2023
https://www.nxtbook.com/mspc/independentbanker/april2023
https://www.nxtbook.com/mspc/independentbanker/march2023
https://www.nxtbook.com/mspc/independentbanker/february2023
https://www.nxtbook.com/mspc/independentbanker/january2023
https://www.nxtbook.com/mspc/independentbanker/december2022
https://www.nxtbook.com/mspc/independentbanker/november2022
https://www.nxtbook.com/mspc/independentbanker/october2022
https://www.nxtbook.com/mspc/independentbanker/september2022
https://www.nxtbook.com/mspc/independentbanker/august2022
https://www.nxtbook.com/mspc/independentbanker/july2022
https://www.nxtbook.com/mspc/independentbanker/june2022
https://www.nxtbook.com/mspc/independentbanker/may2022
https://www.nxtbook.com/mspc/independentbanker/april2022
https://www.nxtbook.com/mspc/independentbanker/march2022
https://www.nxtbook.com/mspc/independentbanker/february2022
https://www.nxtbook.com/mspc/independentbanker/january2022
https://www.nxtbook.com/mspc/independentbanker/december2021
https://www.nxtbook.com/mspc/independentbanker/november2021
https://www.nxtbook.com/mspc/independentbanker/october2021
https://www.nxtbook.com/mspc/independentbanker/september2021
https://www.nxtbook.com/mspc/independentbanker/august2021
https://www.nxtbook.com/mspc/independentbanker/july2021
https://www.nxtbook.com/mspc/independentbanker/june2021
https://www.nxtbook.com/mspc/independentbanker/may2021
https://www.nxtbook.com/mspc/independentbanker/april2021
https://www.nxtbook.com/mspc/independentbanker/march2021
https://www.nxtbook.com/mspc/independentbanker/february2021
https://www.nxtbook.com/mspc/independentbanker/january2021
https://www.nxtbook.com/mspc/independentbanker/december2020
https://www.nxtbook.com/mspc/independentbanker/november2020
https://www.nxtbook.com/mspc/independentbanker/october2020
https://www.nxtbook.com/mspc/independentbanker/september2020
https://www.nxtbook.com/mspc/independentbanker/august2020
https://www.nxtbook.com/mspc/independentbanker/july2020
https://www.nxtbook.com/mspc/independentbanker/june2020
https://www.nxtbook.com/mspc/independentbanker/may2020
https://www.nxtbook.com/mspc/independentbanker/april2020
https://www.nxtbook.com/mspc/independentbanker/march2020
https://www.nxtbook.com/mspc/independentbanker/february2020
https://www.nxtbook.com/mspc/independentbanker/january2020
https://www.nxtbook.com/mspc/independentbanker/december2019
https://www.nxtbook.com/mspc/independentbanker/november2019
https://www.nxtbook.com/mspc/independentbanker/october2019
https://www.nxtbook.com/mspc/independentbanker/september2019
https://www.nxtbook.com/mspc/independentbanker/august2019
https://www.nxtbook.com/mspc/independentbanker/july2019
https://www.nxtbook.com/mspc/independentbanker/june2019
https://www.nxtbook.com/mspc/independentbanker/may2019
https://www.nxtbook.com/mspc/independentbanker/april2019
https://www.nxtbook.com/mspc/independentbanker/march2019
https://www.nxtbook.com/mspc/independentbanker/february2019
https://www.nxtbook.com/mspc/independentbanker/january2019
https://www.nxtbook.com/mspc/independentbanker/december2018
https://www.nxtbook.com/mspc/independentbanker/november2018
https://www.nxtbook.com/mspc/independentbanker/october2018
https://www.nxtbook.com/mspc/independentbanker/september2018
https://www.nxtbook.com/mspc/independentbanker/august2018
https://www.nxtbook.com/mspc/independentbanker/july2018
https://www.nxtbook.com/mspc/independentbanker/june2018
https://www.nxtbook.com/mspc/independentbanker/may2018
https://www.nxtbook.com/mspc/independentbanker/april2018
https://www.nxtbook.com/mspc/independentbanker/march2018
https://www.nxtbook.com/mspc/independentbanker/february2018
https://www.nxtbook.com/mspc/independentbanker/january2018
https://www.nxtbook.com/mspc/independentbanker/december2017
https://www.nxtbook.com/mspc/independentbanker/november2017
https://www.nxtbook.com/mspc/independentbanker/october2017
https://www.nxtbook.com/mspc/independentbanker/september2017
https://www.nxtbook.com/mspc/independentbanker/august2017
https://www.nxtbook.com/mspc/independentbanker/july2017
https://www.nxtbook.com/mspc/independentbanker/june2017
https://www.nxtbook.com/mspc/independentbanker/may2017
https://www.nxtbook.com/mspc/independentbanker/april2017
https://www.nxtbookmedia.com