Scotsman Guide > News > January 2017 > News Story

 Enter your e-mail address and password below.


Forgot your password? New User? Register Now.

News Archives

Subscribe icon Subscribe to our weekly e-newsletter, Top News.

Lenders urged to be proactive on cybersecurity

Data breaches and cyberattacks are an ongoing threat to financial institutions. Jeff Bernstein, managing director of the New York City-based information-security company T&M Protection Resources, spoke with Scotsman Guide News about whether mortgage companies have been taking the danger seriously, and whether he believes states will begin to ratchet up requirements on lenders to beef up their security, as will be the case in New York state after March 1.

Could you review what sort of cyberthreats banks and mortgage lenders face?


If you asked me only a few years ago, I would have said the lending space was still largely off the radar screen of cyber criminals compared to other sectors. Today it is at the top of my list. There is a significant black market that exists for stolen data, and there are relatively no barriers to entry for criminals other than a computer and a connection. Combined with the anonymity that the internet provides, it should come as no surprise that the internet is the ultimate attack platform and that banks and mortgage lenders have become a primary target for them. 

What are some steps that the mortgage industry has undertaken to address these threats?

The smart companies are taking proactive measures to protect their businesses. They are educating staff on the latest threats and how to recognize, avoid and respond to them. They are developing policies, including those that govern what is acceptable use of the internet and corporate digital assets by their employees.

The smartest firms are also assessing the security controls of their trusted partners that have access to their systems and data. This may sound excessive, but this is where the attacks are happening. For example, in November 2016 Lincoln Financial agreed to pay the Financial Industry Regulatory Authority a $650,000 fine and implement stronger cybersecurity protocols following a 2012 hack. Hackers accessed the firm's cloud server and stole confidential records of approximately 5,400 customers. This was a breach of one of the firm's third-party partners.

Do you think the industry is taking this threat seriously? 

We have seen immediate urgency, especially here in New York, because the New York State Department of Financial Services (NYSDFS) has said loud and clear that there must be compliance with new state regulations. The new NYSDFS regulations go into effect on March 1, and are intended to protect sensitive, nonpublic information of consumers. It directly affects the state's banking lenders, licensed lenders, mortgage bankers, mortgage brokers and mortgage-services firms. There will be penalties for noncompliance. We’ve experienced almost overnight an almost immediate surge in interest.

As to the larger question of whether the industry is taking it seriously, I would say with the larger companies, absolutely. They have budgets to address it. The banks that make loans are definitely mature because they are regulated by other mandates and government bodies. With the smaller and medium-sized companies, we haven’t seen it up until just recently.

The more mature, larger companies are taking it very seriously. The smaller, midsized companies typically haven't, but they are going to have to, due to some of the regulation at the state level. The majority of attacks now are targeting the smaller and medium-sized businesses. These are companies with 250 employees or less. The attackers have figured out that they are less secure. Because of that, they are softer targets.

Where do you think the Trump administration is going to stand on this?

It really remains to be seen how the new administration will tackle the challenge of cybersecurity. All we know today is that Trump sees [cyberbreaches] as a significant imminent threat, and upon taking office, he ordered an immediate review of all U.S. cyber defenses and vulnerabilities, including those existing within critical infrastructure. The review is being implemented by a Cyber Review Team consisting of selected experts from the military, law enforcement and the private sector.

I don’t get a sense that Republicans are eager to increase regulations on banks, including ones that might impose federally required standards on financial institutions to guard against cyberattacks. Do you agree with this?

The new administration's plan to regulate our banks remains to be seen. In my opinion, Trump will allow the states to largely self-govern when it comes to financial-services regulation. New York state has taken the lead with a first of its kind cybersecurity regulation aimed at banking, financial services and the mortgage sectors. Other states are likely to quickly follow suit. 


Questions? Contact at (425) 984-6017 or

Bubble 0 Comments

By submitting this comment, you agree to comply with our Terms of Use.

The text exceeds the maximum number of characters allowed.

Are you sure you want to permanently delete this blog comment? This action cannot be reversed.

You must enable your community profile to use this feature.

Cancel Enable profile

You have flagged this post for inappropriate content.

Please explain below. Thank you.

Cancel Submit

Get the latest news and articles from Scotsman Guide straight to your inbox.

Send me the following e-mails:

Learn more about Scotsman Guide e-mails

Thank you for signing up to receive e-mails from Scotsman Guide.

A confirmation e-mail has been sent to the address you provided.

For questions regarding your e-mail subscriptions please contact or call (800) 297-6061.

Fins A Lender Post a Loan
Residential Find a Lender Commercial Find a Lender
Follow Us:Visit Scotsman Guide Facebook pageVisit Scotsman Guide LinkedIn pageVisit Scotsman Guide g+ pageVisit Scotsman Guide Twitter page


© 2017 Scotsman Guide Media. All Rights Reserved.  Terms of Use  |  Privacy Policy