US Treasury warns that improper use of computing may put financial firms at risk
The US Department of Treasury (USDT) has told financial institutions they are putting themselves at risk by using cloud-based services with undue care.
The department urged the firms to examine their use of cloud services after discovering flaws in cloud data handling. Challenges include an industry-wide over-reliance on a handful of cloud providers such as Amazon, Google and Microsoft, as well as a need for more skilled technology workers.
The department reports risks are especially prevalent in small and medium-sized organisations.
The USDT emphasised that firms must securely move data to cloud operations to avoid mishandling or exposure to cyberattacks. Companies turning to cloud services are at extra risk if “safe and effective migration” is not thoroughly achieved, said Deputy Secretary of the Treasury Wally Adeyemo.
The USDT highlighted that financial institutions expose themselves to added cyber incidents by relying too heavily on one operational system. A glitch in one cloud company could potentially cripple services across many branches.
Cloud security
A spokesperson from Google said: “We’re committed to working with financial services customers and regulators to provide them with controls and assurances on risk management, data locality, transparency and compliance.”
In a separate earlier investigation, Chinese intelligence agencies were accused of attacking US firms by hacking into cloud services.
Treasury officials recommended financial institutions adjust to the new wave of technology, stating it “neither endorses nor discourages cloud service adoption by the sector”.
More regulation coming
The Treasury is also establishing a separate group to study concentration in cloud-computing services, with the possibility of new regulations being introduced to manage potential cyberthreats. In July 2022 reports emerged that Microsoft’s Azure struggled to meet cloud demands.
Last November, it was announced that cloud service providers in the EU are being subjected to tighter rules. Providers now need to show how quickly they can recover from a cyber attack under law taking effect in 2024.
In 2019, Capital One was fined $80 million for a 2019 cloud hack in which confidential data was leaked in a cloud computing security breach.
Additional cybersecurity coverage
Stay up to date on the latest cybersecurity developments, news and updates. Check out the following articles:
Eoghan O'Donnell
NEXT UP
Alexey Kalachik, CEO & Co-Founder at Fively: “The potential for digitalisation within insurance is enormous”
We interview serial entrepreneur Alexey Kalachik, CEO & Co-Founder at Fively, on the future of fintech and what makes this space so exciting for startups.
IBM bolsters AI push with Microsoft Copilot launch
In a bid to boost its AI offering, IBM Consulting will enable enterprises to create and manage AI copilots – including Copilot for Microsoft 365
Andrew Kay, Director of Systems Engineering APJ at Illumio: “The most worrying development with ransomware is that it has evolved from simply stealing data to impacting IT availability”
Andrew Kay, Director of Systems Engineering APJ at Illumio, has 20 years’ experience helping organisations strengthen their cyber resilience. We interview him as part of our Threats series on cybersecurity.