Arturo Estrella has a message for recession naysayers: It could hit sooner than you think.Marketsread more
Local governments commonly share single service providers, making many vulnerable at once. On top of this, ransomware has often been used to mask more targeted, malicious...Technologyread more
Salesforce released its first earnings report since its $15.3 billion acquisition of Tableau Software, the company's largest deal ever.Technologyread more
Fed Chairman Jerome Powell faces the tough challenge of presenting a unified voice on Fed policy from the most divided Fed in years.Market Insiderread more
Kudlow also confirmed to CNBC that he supported a tax cut proposal floated earlier Thursday by Sen. Rick Scott, R-Fla.Politicsread more
VMware is following through on its proposal to buy Pivotal, a fellow Dell subsidiary, and expanding into cybersecurity with the acquisition of Carbon Black.Technologyread more
Google says it shut down hundreds of YouTube channels tied to misinformation around the Hong Kong protests.Technologyread more
It is a rare scenario where long-term interest rates suddenly fall below short-term interest rates.Real Estateread more
Investors are rushing to get a piece of its privately held rival Impossible Foods before it goes public, according to the Wall Street Journal.Food & Beverageread more
Weisler has been CEO at the company since 2015 when it split from HPE.Technologyread more
Companies want to know our values and if they work with us, "they want to be aligned with those values," Salesforce co-CEO Keith Block says.Mad Money with Jim Cramerread more
It's among the worst fears of any bank CEO.
A lone hacker managed to steal the personal information of more than 100 million Capital One customers, the Virginia-based bank said Monday in a release. Most of what was taken related to customers' credit-card applications from 2005 to early 2019, including names, addresses, dates of birth and income, the lender said.
Bank CEOs including Jamie Dimon have been highlighting the risks of a cyberassault for years. Amid a steady stream of high-profile hacks, including a 2014 breach at J.P. Morgan, the industry is engaged in a cybersecurity arms race, spending ever-increasing amounts on personnel and technology projects to throw up barriers against a growing array of bad actors.
While banks have been in cost-cutting mode since the financial crisis, security budgets have exploded, in part because of the ubiquitous nature of the risks. In 2015, Bank of America CEO Brian Moynihan said cyberdefense was "the only place in the company that doesn't have a budget constraint. "
At just the two biggest U.S. banks — J.P. Morgan Chase and Bank of America — security budgets have swollen to a combined $1.4 billion a year. Overall, the industry spends an average of $2,300 per employee annually on cyberdefense, according to a Deloitte survey released in May.
"The threat of cyber security may very well be the biggest threat to the U.S. financial system," Dimon said in an April letter to shareholders. "The financial system is interconnected, and adversaries are smart and relentless — so we must continue to be vigilant."
Dimon knows this from personal experience: In October 2014, his bank said that hackers exploited an employee password to pull off one of the largest reported cyberattacks on a major financial institution, exposing data on 76 million households.
As a general rule, the industry has been loath to give specifics about cyberdefenses out of fear that it will give bad actors a blueprint to launch fresh attacks. But it's been employing everything from low-tech reminders about passwords posted in offices to sophisticated data analytics and risk-management programs to stay ahead of criminals.
On a 2016 visit to a J.P. Morgan office for technology workers in Delaware, much of the lobby was taken up with 8-foot-tall billboards reminding staff to comply with the firm's code of conduct to protect customer data. "The risks to the firm are very real, as are the consequences of non-compliance," the bank warned employees.
Banks have also been pushing for greater cooperation between the private industry and government agencies, including the FBI. That has included the National Cyber-Forensics and Training Alliance, a non-profit focused on detecting and neutralizing cyber threats.
"The most important role government has is to mandate that sharing to occur," Cathy Bessant, chief operations and technology officer at Bank of America, said in an October interview. "There is no competitive advantage to secrets in this space, especially regarding risk, and sharing is the key to prevention and detection."
The Capital One hack highlights the risks banks face from software firms they rely on to keep pace with customers' expectations.
The breach is allegedly the work of Paige A. Thompson, a former employee of Amazon Web Services. She is accused of infiltrating the bank's firewall to get customer information being stored on the servers of Amazon, the biggest cloud provider. Banks have been shifting more of their computing and storage to the cloud to cut costs and increase the speed in which they can introduce the latest apps.
"AWS was not compromised in any way and functioned as designed," an Amazon Web Services spokesperson said in a statement to CNBC. "This type of vulnerability is not specific to the cloud."
"Capital One is one of the most 'cloud forward' financial companies in the world," said Tom Kellermann, chief cybersecurity officer at software firm Carbon Black. "They should be partnering with solution providers who are intimately aware of how to keep the cloud secure."