Subcommittee Examines Cyber Threats to U.S. Financial Sector

Press Release

The House Oversight and Investigations Subcommittee held a hearing today as a part of an ongoing series on the growing threat cyber attacks pose to the U.S. economy and the financial services sector.

Subcommittee Chairman Sean Duffy (WI-07) offered, "Nearly every government agency has been a target of cyber attacks, and with the recent OPM breach, the federal government has now provided a channel for these criminals to access sensitive personal information. In the wake of these incidents, the CFPB continues to collect information on consumers and their financial practices, and Obamacare has created vast data hubs to collect and store scores of highly sensitive personal and health information on our citizens."

Key Takeaways from the Hearing (courtesy of the House Financial Services Committee):

An increasing and prominent number of nation-states, criminal organizations, terrorist groups, and "hacktivists" are motivated to and capable of carrying out cyber attacks against the U.S.

The nation's financial sector is at increased risk of cyber attack relative to other sectors, not only because there is a significant financial incentive to attack financial institutions but also because the sector is a symbol of Western power and capitalism.

Topline Quotes from Witnesses:

" On the financial crime front, the 2015 Cost of Data Breach Study by IBM and the Ponemon Institute reported that "the average cost for each lost or stolen record containing sensitive and confidential information increased from $201 to $217,' while "the total average cost paid by organizations increased from $5.9 million to $6.5 million.' Worse, the types of personally identifiable data being stolen increasingly include "permanent data,' such as Social Security numbers and health care records. Although credit cards are easily replaced at minimal cost to the victim, there is no business process to recover from the theft of Social Security numbers or health records."

- Richard Bejtlich, Chief Security Strategist for FireEye, Inc.

"Our society's current response is not sufficient to address growing cyber threats. We need to have a more pro-active approach, one that shifts the paradigm away from defense to offense. We can take inspiration from the anti-money laundering and sanctions model forged at Treasury and leverage financial pressure against cyber threats to better protect the financial system."

- Michael Madon, Board of Advisors Member; Center on Sanctions and Illicit Finance, Foundation for Defense of Democracies

"To give you a sense of the magnitude of the problem, consider the following figures which were provided to me recently by a major U.S. bank on a not-for-attribution basis: just last week, they faced 30,000 cyber- attacks. This amounts to an attack every 34 seconds, each and every day. And these are just the attacks that the bank actually knows about, by virtue of a known malicious signature or IP address. As for the source of the known attacks, approximately 22,000 came from criminal organizations; and 400 from nation-states."

- Frank Cilluffo, Director, Center for Cyber and Homeland Security; The George Washington University

Source