Cybersecurity: A non-stop job

By Sen. Mike Crapo

With the holiday shopping season well underway, consumers, retailers and banks are reminded of the great need to protect financial data and payment information. Statistics show that data breaches do not necessarily increase during some of the busiest shopping days of the year, but each swipe of the card is a stark reminder of the significant amount of trust placed with retailers and financial institutions to keep our private financial information safe and secure.
Consumers, businesses and our economy benefit from fast, safe and accurate financial transactions. Whether we use credit cards at the gas station or grocery store, or even use our smartphones to purchase Christmas gifts online, we expect our personal information to be protected and not compromised. Recent data breaches reveal just how much information different entities collect about consumers. While financial institutions devote substantial resources to strengthening cybersecurity, including in some cases as much as hundreds of millions of dollars per year, there are still many entry points that could be attacked in our payments system.
Recently, a “60 Minutes” segment aired calling 2014 “the year of the data breach.” One recent study estimated that 60 percent of companies overall have experienced a breach in the last two years. This includes a number of high-profile breaches in which hackers have stolen personal and financial information from millions of consumers. These breaches can result in frustrating experiences for consumers, including obtaining new credit or debit cards, monitoring accounts for fraudulent activity and the disruption of pre-authorized payments. Victims of credit card theft also commonly face lingering credit problems that can result in a tough road to recovery, according to an Identity Theft Resource Center study. Additionally, financial institutions, especially community banks and credit unions, face significant costs in reissuing cards and covering losses.
The financial sector itself is also a primary target for hackers because, as some have pointed out, “that’s where the money is.” The largest banks are under constant attack every day and spend hundreds of millions of dollars per year on cyber defense. What many may not realize is that the cost of defending against cyber attacks is remarkably disproportionate compared to the cost of attacking. Hackers can purchase tools to exploit vulnerabilities for just a few hundred dollars, while firms must spend upwards of a million dollars or more to defend against specific cyber attacks. The costs and burdens on smaller financial institutions to defend against attacks can be enormous.
The Senate Banking Committee, on which I serve, recently held a hearing to assess enhanced cybersecurity coordination in the financial sector. Encouragingly, many government agencies have made cybersecurity a priority and are coordinating efforts to stop cyber criminals at the earliest signs of a threat. Likewise, the financial industry has devoted substantial resources to protecting its information systems and is widely viewed as one of the most advanced sectors in terms of prioritizing cybersecurity. However, as hackers continue to search for gaps, ensuring the private sector gets timely threat information while also making certain the process has not become so complicated that it slows down the outflow of information and hinders coordination must remain a priority.
Law enforcement, government agencies, federal banking regulators and the financial services industry must work together to maximize the speed of information sharing and minimize the risk of and damage from cyber attacks.
This column was submitted by U.S. Sen. Mike Crapo, R-Idaho Falls.