"Nonetheless, the Treasury Department now plans to beef up oversight when it comes to outside vendors for financial institutions, including law firms, accounting and marketing firms and “even janitorial companies,” the Times said.
Another source said that New York State’s top financial regulator, Benjamin M. Lawsky, is mulling a new rule requiring banks to “obtain representations and warranties” from vendors about the adequacy of their cyber-security profiles. The Times said that Lawsky has already sent a letter on Tuesday to dozens of banks requesting that the firms provide “any policies and procedures governing relationships with third-party service providers.”
“It is abundantly clear that, in many respects,” Lawsky said in the letter, “a firm’s level of cybersecurity is only as good as the cybersecurity of its vendors.”
when the tough gets tough the tough gets going
so when the hacking gets past the tough defenses installed by the financial firms by hacking into the systems of financial, IT firms and others to these firms who are connected to these financial services, the tough controllers get tough with every firm that wants to deliver services to the financial services and connect to their network
no more low-hanging fruit