Tuesday 12 December 2017

Central Bank undertakes new inspections for cybersecurity

CENTRAL BANK: New anti-hacker reviews will be rolled out
CENTRAL BANK: New anti-hacker reviews will be rolled out
Gavin McLoughlin

Gavin McLoughlin

The Central Bank has begun inspecting financial services companies to assess their ability to deal with cyber attacks.

Companies that fail the tests could face sanctions including fines, the disqualification of a member of company's management, or revoking a company's authorisation to provide financial services. The move is part of the bank's enforcement priorities for 2015.

Companies will be asked to identify what they see as their three biggest cyber security risks, and give reasons why. They will also be asked if they use encryption, and whether they provide training and written guidance to employees concerning information security - something seen by cybersecurity experts as a key bulwark against hackers.

A Central Bank spokeswoman said the "integrity and security of firms' processes and information is critical to the safe and efficient delivery of the services which they offer to their clients."

"This review will explore the controls around the security of firms' systems and the procedures governing access to these systems," she added.

The spokeswoman said the bank will take "all necessary actions to remedy the situation within its range of powers" if weaknesses are identified in a cybersecurity system.

She would not reveal which companies have been inspected - or whether any have failed - but said the findings from this work will be used to "establish best practice in relation to cyber security and to identify areas of poor practice which need to be addressed".

Cyber security experts have expressed concern that internet crime is rampant.

Last week, the Sunday Independent revealed that an internal audit revealed weaknesses in IDA Ireland's cybersecurity system, though no confidential company information was lifted. Also last week, Ryanair had around €4.5m taken from one of its bank accounts.

The most high-profile hacking of an Irish company was in 2012 when Ennis-based Loyaltybuild had sensitive financial information belonging to 90,000 Irish consumers hacked from its system.

Central Bank director of markets supervision Gareth Murphy said that "investor protection, market integrity and financial stability are at the core of the Central Bank's mandate. By announcing these themed-inspections, we are highlighting areas where investment firms, funds and market participants may need to raise standards.

"We will communicate our assessment of regulatory standards in these areas and, where necessary, we will ensure that specific remedial actions are taken," he added.

Sunday Indo Business

Promoted Links

Business Newsletter

Read the leading stories from the world of Business.

Promoted Links

Also in Business