From: The Washington Post
By Ellen Nakashima and Danielle Douglas
At least 19 financial institutions have disclosed to investors in recent weeks that their computers were targets of malicious cyberassaults last year, a sign of growing openness among corporations about the breadth of cybersecurity incidents plaguing the private sector.
In their annual financial reports to the Securities and Exchange Commission, major banks such as Bank of America, Citi, Wells Fargo and JPMorgan Chase, along with smaller institutions, have reported that their systems were hit with computer disruptions or intrusions.
The disclosures are significant in that for years, companies, including banks, have been loath even to acknowledge that they have been victims of such incidents.
But it appears that SEC guidance issued in October 2011 making clear that companies need to report significant computerized theft or disruption, combined with greater public attention to the issue, is forcing more disclosure. Also, the fact that the banks hit by the DDOS attacks have been named in media accounts has made ignoring them more difficult.
Fifth Third Bank in Cincinnati, for instance, disclosed it had endured a DDOS attack early last year. “We did it as a way to be transparent,” said Debra DeCourcy, a bank spokeswoman. “If there is something else positive that can be gained from that, it’s all the better.”
DDOS incidents do not involve penetrating networks, but the assaults that washed over the banking industry in the fall were of such force and duration that banks have spent millions of dollars shoring up their security, industry officials said. Some analysts estimate that the collective cost comes to hundreds of millions of dollars.
The disruptions also got the attention of the White House and the national security community, which have been trying to help the private sector better handle such incidents. President Obama recently signed an executive order aimed at helping companies in critical sectors shore up their network security. Improved sharing of threat data between the government and companies is considered crucial to that effort.
Such corporations as eBay, LinkedIn, Level 3 Communications, Chesapeake Energy and AT&T have admitted they suffered intrusions or disruptions last year. “It’s almost naive for most large companies in the critical infrastructure sector to say that they aren’t subject to attack,’’ said Paul Smocer, president of BITS, a financial services trade organization.
The stepped-up disclosure, he said, “brings greater awareness, greater diagnosis and a desire to find a stronger cure” for system vulnerabilities.
Even with the new openness, security experts say the real scale of companies affected by cybersecurity incidents is much larger.
Unlock the power of Salesforce https://www.examcollection.us/Experience-Cloud-Consultant-vce.html with our comprehensive and up-to-date Experience Cloud Consultant Free PDF Guide [2023]. This invaluable resource is your key to mastering the latest trends and techniques in the world of Experience Cloud. Dive into expert insights, best practices, and real-world use cases that will elevate your consultancy skills to new heights. Whether you’re a seasoned professional or just starting your journey, this PDF is your go-to reference for success. Stay ahead of the curve, download your free copy now, and revolutionize the way you harness the potential of Experience Cloud in 2023 and beyond.