{"id":75460,"date":"2024-02-08T17:27:11","date_gmt":"2024-02-08T09:27:11","guid":{"rendered":"https:\/\/version-2.com\/?p=75460"},"modified":"2024-02-02T17:31:52","modified_gmt":"2024-02-02T09:31:52","slug":"why-is-cybersecurity-compliance-challenging-for-financial-institutions","status":"publish","type":"post","link":"https:\/\/version-2.com\/zh\/2024\/02\/why-is-cybersecurity-compliance-challenging-for-financial-institutions\/","title":{"rendered":"Why is cybersecurity compliance challenging for financial institutions?"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"75460\" class=\"elementor elementor-75460\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-4da8c5f9 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"4da8c5f9\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;jet_parallax_layout_list&quot;:[{&quot;jet_parallax_layout_image&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;_id&quot;:&quot;decf9c3&quot;,&quot;jet_parallax_layout_image_tablet&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_image_mobile&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_speed&quot;:{&quot;unit&quot;:&quot;%&quot;,&quot;size&quot;:50,&quot;sizes&quot;:[]},&quot;jet_parallax_layout_type&quot;:&quot;scroll&quot;,&quot;jet_parallax_layout_direction&quot;:&quot;1&quot;,&quot;jet_parallax_layout_fx_direction&quot;:null,&quot;jet_parallax_layout_z_index&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x&quot;:50,&quot;jet_parallax_layout_bg_x_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y&quot;:50,&quot;jet_parallax_layout_bg_y_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size&quot;:&quot;auto&quot;,&quot;jet_parallax_layout_bg_size_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_animation_prop&quot;:&quot;transform&quot;,&quot;jet_parallax_layout_on&quot;:[&quot;desktop&quot;,&quot;tablet&quot;]}]}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-133ba185\" data-id=\"133ba185\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-fc2da8d post-content elementor-widget elementor-widget-text-editor\" data-id=\"fc2da8d\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div class=\"mr-4 ml-4 mt-0 blog-body\"><p>Have you ever thought about what it would be like to open a bank?\u00a0<\/p><p>Arguably, today it\u2019s easier than ever to start a new bank. The popularization of internet banks and online banking means you no longer need ATMs, hard currency, vaults, physical branches, tellers, or security guards.<\/p><p>So why isn\u2019t everybody just doing it?<\/p><p>It\u2019s the regulations.<\/p><p>To run a bank, you\u2019ll need to navigate a multifaceted, regularly shifting environment where regulations, laws, and standards are complex, demanding, and sometimes contradictory. Right off the bat, this requires a non-trivial effort to understand the legal intricacies, nuances, and ramifications of compliance.<\/p><p>Then, you\u2019ll need to spend time and money ensuring the right tools and processes are put in place to ensure compliance with all requirements.<\/p><p>Let\u2019s examine the many cybersecurity compliance hurdles financial institutions face.<\/p><h2 id=\"stringent-cybersecurity-regulations\">Stringent cybersecurity regulations <a href=\"#stringent-cybersecurity-regulations\">#<\/a><\/h2><p>Imagine Huxley Credit Union is coming to a web browser near you. Here\u2019s what you must comply with for cybersecurity if you start a local credit union doing business only in the United States:<\/p><section class=\"faq\" style=\"padding-top: 0!important;\"><div><div class=\"accordion\" style=\"padding-bottom: 2rem!important;\"><div class=\"accordion_unit\" style=\"padding: 1rem; border-bottom: none; background-color: #f5f5f5;\"><p><label class=\"accordion-label\" for=\"glba\">Gramm-Leach-Bliley Act (GLBA)<\/label><\/p><div class=\"accordion-content\">This cornerstone regulation mandates financial institutions, including credit unions, to implement security measures to protect non-public personal information (NPPI) of members. The Federal Trade Commission (FTC) Safeguards Rule under GLBA sets specific security standards and incident reporting requirements.<\/div><\/div><div class=\"accordion_unit\" style=\"padding: 1rem; border-bottom: none; background-color: #f5f5f5;\"><p><label class=\"accordion-label\" for=\"bsa\">Bank Secrecy Act (BSA)<\/label><\/p><div class=\"accordion-content\">This anti-money laundering (AML) and cybercrime prevention law requires credit unions to establish AML programs, conduct customer due diligence, and monitor transactions for suspicious activity. Robust cybersecurity measures are vital for effective AML compliance.<\/div><\/div><div class=\"accordion_unit\" style=\"padding: 1rem; border-bottom: none; background-color: #f5f5f5;\"><p><label class=\"accordion-label\" for=\"cisa\">Cybersecurity Information Sharing Act (CISA)<\/label><\/p><div class=\"accordion-content\">(Not to be confused with CISA, the DHS agency.) This law encourages the sharing of cybersecurity threat information between private sector entities and the federal government. While not a direct compliance requirement, credit unions may participate in information-sharing initiatives to enhance their cybersecurity posture.<\/div><\/div><div class=\"accordion_unit\" style=\"padding: 1rem; border-bottom: none; background-color: #f5f5f5;\"><p><label class=\"accordion-label\" for=\"ncua\">National Credit Union Administration (NCUA) Regulations<\/label><\/p><div class=\"accordion-content\">The NCUA issues regulations and guidance related to information security and cybersecurity for credit unions. Credit unions must follow NCUA guidelines to ensure the security of member information and avoid regulatory enforcement actions.<\/div><\/div><div class=\"accordion_unit\" style=\"padding: 1rem; border-bottom: none; background-color: #f5f5f5;\"><p><label class=\"accordion-label\" for=\"state-data\">State Data Breach Notification Laws<\/label><\/p><div class=\"accordion-content\">Credit unions may be subject to state-specific data breach notification laws, which require prompt disclosure of security incidents involving personal information. Examples include Massachusetts\u2019s 201 CMR 17.00 or New York\u2019s 23 NYCRR 500. Failure to comply with these laws can lead to penalties imposed by state regulators.<\/div><\/div><\/div><\/div><\/section><h3 id=\"industry-standards-and-frameworks\">Industry standards and frameworks <a href=\"#industry-standards-and-frameworks\">#<\/a><\/h3><p>There are other frameworks for the industry that apply as well:<\/p><section class=\"faq\" style=\"padding-top: 0!important;\"><div><div class=\"accordion\" style=\"padding-bottom: 2rem!important;\"><div class=\"accordion_unit\" style=\"padding: 1rem; border-bottom: none; background-color: #f5f5f5;\"><p><label class=\"accordion-label\" for=\"pci-dss\">Payment Card Industry Data Security Standard (PCI DSS)<\/label><\/p><div class=\"accordion-content\">If a credit union processes credit or debit card transactions, it must comply with PCI DSS requirements to secure cardholder data and payment systems. Non-compliance can lead to fines imposed by payment card networks.<\/div><\/div><div class=\"accordion_unit\" style=\"padding: 1rem; border-bottom: none; background-color: #f5f5f5;\"><p><label class=\"accordion-label\" for=\"ffiec\">Federal Financial Institutions Examination Council (FFIEC) Cybersecurity Assessment Tool (CAT) <\/label><\/p><div class=\"accordion-content\">While not a regulation, the FFIEC CAT provides a framework for self-assessing cybersecurity preparedness. Credit unions using the CAT demonstrate proactive adherence to best practices.<\/div><\/div><div class=\"accordion_unit\" style=\"padding: 1rem; border-bottom: none; background-color: #f5f5f5;\"><p><label class=\"accordion-label\" for=\"nist\">National Institute of Standards and Technology (NIST) Cybersecurity Framework<\/label><\/p><div class=\"accordion-content\">This is a voluntary framework for managing cybersecurity risks. Implementing relevant parts of the framework can improve a credit union&#8217;s overall cybersecurity posture.<\/div><\/div><\/div><\/div><\/section><p>To recap, all the above are just for cybersecurity. There will be other regulations to consider for the rest of the business \u2014 each with their own requirements and standards to meet.<\/p><h2 id=\"compliance-is-ongoing--and-regulations-change\">Compliance is ongoing \u2014 and regulations change <a href=\"#compliance-is-ongoing--and-regulations-change\">#<\/a><\/h2><p>Setting up tools and systems to ensure compliance isn\u2019t a one-and-done event either.<\/p><p>Compliance is a continuous process. And to make matters worse, regulations change \u2014 with the updated versions imposing new or altered requirements. For example:<\/p><section class=\"faq\" style=\"padding-top: 0!important;\"><div><div class=\"accordion\" style=\"padding-bottom: 2rem!important;\"><div class=\"accordion_unit\" style=\"padding: 1rem; border-bottom: none; background-color: #f5f5f5;\"><p><label class=\"accordion-label\" for=\"glba2\">Gramm-Leach-Bliley Act FTC Safeguard Rules:<\/label><\/p><div class=\"accordion-content\"><ul><li>2021: Clarifications on multi-factor authentication (MFA) and risk assessments.<\/li><li>2020: Updates on incident response, encryption, and vendor management.<\/li><\/ul><\/div><\/div><div class=\"accordion_unit\" style=\"padding: 1rem; border-bottom: none; background-color: #f5f5f5;\"><p><label class=\"accordion-label\" for=\"pcidss\">Payment Card Industry Data Security Standard:<\/label><\/p><div class=\"accordion-content\"><ul><li>2020: Version 4.0 released with updated requirements for encryption, logging, and vulnerability management.<\/li><li>2019: Updates in version 3.2.1 on incident response and service provider controls.<\/li><\/ul><\/div><\/div><div class=\"accordion_unit\" style=\"padding: 1rem; border-bottom: none; background-color: #f5f5f5;\"><p><label class=\"accordion-label\" for=\"bsa2\">Bank Secrecy Act and related regulations:<\/label><\/p><div class=\"accordion-content\">Ongoing amendments and interpretations focusing on cybercrime prevention and suspicious activity monitoring.<\/div><\/div><\/div><\/div><\/section><h3 id=\"the-cost-of-falling-behind\">The cost of falling behind <a href=\"#the-cost-of-falling-behind\">#<\/a><\/h3><p>Failing to keep up with regulatory changes can have substantial material impacts, alongside the reputational damage.<\/p><p>In 2023, OneMain Financial Group <a href=\"https:\/\/www.akingump.com\/en\/insights\/blogs\/ag-data-dive\/nydfs-fines-onemain-dollar425m-for-cybersecurity-failures\" target=\"_blank\" rel=\"noopener\">paid a $4.25 million fine<\/a> pursuant to a consent order to settle alleged violations of NYDFS\u2019s Cybersecurity Regulation (23 NYCRR Part 500). These included improperly storing passwords and not sufficiently managing risk from third-party data storage. Even though the regulation became effective in 2017, the <a href=\"https:\/\/www.dfs.ny.gov\/system\/files\/documents\/2023\/05\/ea20230524_co_onemain.pdf\" target=\"_blank\" rel=\"noopener\">consent order<\/a> cited violation as late as 2021, indicating a significant failure to keep up with regulatory changes.<\/p><h2 id=\"regulatory-language-is-open-to-interpretation\">Regulatory language is open to interpretation <a href=\"#regulatory-language-is-open-to-interpretation\">#<\/a><\/h2><p>Different interpretations of the language used in regulations can lead to additional costs or unexpected penalties.<\/p><div style=\"border: 2px solid #ccc; padding: 20px;\"><p><strong>Real-life example: Interpreting requirements<\/strong><\/p><p>In 2003\u20132004, I led numerous secured email projects to help bring institutions into compliance with a new regulation. In particular, we had to ensure that all email communication between the company and its customer was secured.<\/p><p>All but one of my customers interpreted the regulation to mean they had to authenticate the recipients. It took additional cost and effort to maintain a database of email addresses and passwords, and support the forgotten password and password reset functionalities, but was deemed necessary.<\/p><p>There was one exception among my customers who interpreted the regulation more minimally. This company believed that the payload had to be encrypted in transit, but no more. Hence, we implemented a one-click, passwordless envelope.<\/p><p>I\u2019m not aware of what\u2019s happened since then. If it turned out that they were never in violation due to this interpretation, then many other institutions spent more time, effort, and cost than necessary for compliance.<\/p><\/div><h3 id=\"how-to-define-material\">How to define \u2018material\u2019? <a href=\"#how-to-define-material\">#<\/a><\/h3><p>More recently, the Security and Exchange Commission (SEC) released an update stating:<\/p><p><i>\u201cThe new rules will require registrants to disclose on the new Item 1.05 of Form 8-K any cybersecurity incident they determine to be material and to describe the material aspects of the incident\u2019s nature, scope, and timing, as well as its material impact or reasonably likely material impact on the registrant. An Item 1.05 Form 8-K will generally be due four business days after a registrant determines that a cybersecurity incident is material.\u201d<\/i><\/p><p>How an institution interprets \u2018material\u2019 can materially impact cost and effort (pun intended).<\/p><p>A bank may expose itself to fines or penalties with a stricter interpretation of \u2018material\u2019. While with a looser interpretation, it may end up doing unnecessary work.<\/p><p>Unfortunately, regulatory deadlines typically apply to large swathes of institutions simultaneously. So you can\u2019t wait to see how the agency judges your peers and then act accordingly.<\/p><h2 id=\"customer-expectations-shape-whats-viable\">Customer expectations shape what\u2019s viable <a href=\"#customer-expectations-shape-whats-viable\">#<\/a><\/h2><p>Even when \u2014 or especially when \u2014 financial institutions are expending significant effort on compliance, they mustn\u2019t lose sight of the fact that their primary purpose is to service customers.<\/p><p>Borrowers and depositors come from all walks of life, with varying levels of tech-savviness and tolerance for hurdles to accessing and moving their money.<\/p><p>Compliance could be easier if banks could put more onus on customers. But if a bank required a retinal scan for each online banking login, customers would offboard in droves.<\/p><p>Following regulations would be less complicated if banks could spend a longer period undertaking certain processes. But if a bank took three weeks to vet a digital transfer, they would lose out to their speedier competitors.<\/p><h2 id=\"even-the-data-doesnt-make-it-easy-to-comply\">Even the data doesn\u2019t make it easy to comply <a href=\"#even-the-data-doesnt-make-it-easy-to-comply\">#<\/a><\/h2><p>Complying with these various regulations and requirements would be challenging enough if each bank had just a single database. But that is not remotely the case.<\/p><p>Financial institutions deal with millions, even billions of records, typically spread across several databases and systems: countless customers, accounts, transactions, financial instruments, and internal operations.<\/p><p>Transaction data, in particular, stands out as a data type with extremely high velocity. This makes it difficult to conduct any sort of real-time monitoring that regulations may require. Monitoring is made even harder given that the data is often unstructured (e.g. email messages) or binary (e.g. uploaded screenshots or Microsoft Word documents).<\/p><p>Compounding the problem, financial data often comes from legacy systems. Compliance when working with legacy data from legacy systems becomes drastically more difficult.<\/p><div style=\"border: 2px solid #ccc; padding: 20px;\"><p><strong>Real-life example: Making sense of Kafkaesque legacy data and systems<\/strong><\/p><p>Several years ago, I was building a secured messaging system for a bank. They had three different types of global unique identifiers (GUIDs). (Yes, I realize that those aren\u2019t truly GUIDs, but that\u2019s what they called them.)<\/p><p>Even further back in time, the three different types of GUIDs had been pulled into a single denormalized table. A customer could have one, two, or three of these GUIDs, in any combination!<\/p><p>My code had to painstakingly examine other fields to see which GUID to use for which purpose, and to extract data from other systems. To make things more Kafkaesque, the GUIDs were called TBP, CIF, and UWN, and no one could tell me what the acronyms stood for.<\/p><\/div><h3 id=\"exchanging-data-with-many-third-parties\">Exchanging data with (many) third parties <a href=\"#exchanging-data-with-many-third-parties\">#<\/a><\/h3><p>Let\u2019s not forget that it\u2019s not just the data stored in-house that needs managing in a compliant way. Banks are also responsible for ensuring data security and compliance when data is shared with or handled by third parties.<\/p><p>Here is a non-exhaustive list of third parties that banks typically interoperate with:<\/p><section class=\"faq\" style=\"padding-top: 0!important;\"><div><div class=\"accordion\" style=\"padding-bottom: 2rem!important;\"><div class=\"accordion_unit\" style=\"padding: 1rem; border-bottom: none; background-color: #f5f5f5;\"><p><input id=\"payment-systems\" class=\"accordion-input\" name=\"faq-single\" type=\"checkbox\" \/><br \/><label class=\"accordion-label\" for=\"payment-systems\">Payment systems: <\/label><\/p><div class=\"accordion-content\">ACH Network, Zelle, Fedwire, Real Time Payments (RTP), Visa Direct, Mastercard Send, SWIFT, SEPA, CHIPS, TARGET2, Visa, Mastercard, American Express, Discover<\/div><\/div><div class=\"accordion_unit\" style=\"padding: 1rem; border-bottom: none; background-color: #f5f5f5;\"><p><input id=\"clearing\" class=\"accordion-input\" name=\"faq-single\" type=\"checkbox\" \/><br \/><label class=\"accordion-label\" for=\"clearing\">Clearing and settlement:<\/label><\/p><div class=\"accordion-content\">The Clearing House Payments Company (CHIPS), Depository Trust &amp; Clearing Corporation (DTCC), National Clearing House (NCH)<\/div><\/div><div class=\"accordion_unit\" style=\"padding: 1rem; border-bottom: none; background-color: #f5f5f5;\"><p><input id=\"fraud\" class=\"accordion-input\" name=\"faq-single\" type=\"checkbox\" \/><br \/><label class=\"accordion-label\" for=\"fraud\">Fraud detection and prevention: <\/label><\/p><div class=\"accordion-content\">Fiserv Cardholder Verification Value (CVP), Early Warning Services (EWS), Riskified, Accertify<\/div><\/div><div class=\"accordion_unit\" style=\"padding: 1rem; border-bottom: none; background-color: #f5f5f5;\"><p><input id=\"data\" class=\"accordion-input\" name=\"faq-single\" type=\"checkbox\" \/><br \/><label class=\"accordion-label\" for=\"data\">Data and analytics: <\/label><\/p><div class=\"accordion-content\">Moody&#8217;s Analytics, S&amp;P Global Market Intelligence, LexisNexis, Dun &amp; Bradstreet<\/div><\/div><div class=\"accordion_unit\" style=\"padding: 1rem; border-bottom: none; background-color: #f5f5f5;\"><p><input id=\"compliance\" class=\"accordion-input\" name=\"faq-single\" type=\"checkbox\" \/><br \/><label class=\"accordion-label\" for=\"compliance\">Compliance and regulatory reporting:<\/label><\/p><div class=\"accordion-content\">Experian, Thomson Reuters, Finastra, Regulatory Reporting Services (RRS)<\/div><\/div><div class=\"accordion_unit\" style=\"padding: 1rem; border-bottom: none; background-color: #f5f5f5;\"><p><input id=\"trade\" class=\"accordion-input\" name=\"faq-single\" type=\"checkbox\" \/><br \/><label class=\"accordion-label\" for=\"trade\">Trade finance:<\/label><\/p><div class=\"accordion-content\">Bolero International, Marco Polo Trade Finance Network, Traxys<\/div><\/div><div class=\"accordion_unit\" style=\"padding: 1rem; border-bottom: none; background-color: #f5f5f5;\"><p><input id=\"technology\" class=\"accordion-input\" name=\"faq-single\" type=\"checkbox\" \/><br \/><label class=\"accordion-label\" for=\"technology\">Technology and infrastructure:<\/label><\/p><div class=\"accordion-content\">Microsoft Azure, Amazon Web Services (AWS), Google Cloud Platform (GCP), Core banking platforms (e.g., FIS, Jack Henry)<\/div><\/div><div class=\"accordion_unit\" style=\"padding: 1rem; border-bottom: none; background-color: #f5f5f5;\"><p><input id=\"crypto\" class=\"accordion-input\" name=\"faq-single\" type=\"checkbox\" \/><br \/><label class=\"accordion-label\" for=\"crypto\">Blockchain and crypto-related: <\/label><\/p><div class=\"accordion-content\">Coinbase, Gemini, Circle<\/div><\/div><\/div><\/div><\/section><h2 id=\"ensuring-cybersecurity-compliance\">Ensuring cybersecurity compliance <a href=\"#ensuring-cybersecurity-compliance\">#<\/a><\/h2><p>From keeping up with changing regulatory requirements to meeting customer expectations, and from deciphering ambiguous meanings to unpacking legacy data, cybersecurity compliance is a complex challenge for financial institutions.<\/p><p>They face a huge array of complicated and continually evolving regulations, laws, and standards on cybersecurity. Ensuring compliance with these requires a comprehensive and robust security program, including tools and processes to generate periodic reports or disclosures, processes to remediate any violations, and the staff to make it all happen.<\/p><p>And while all of this costs time and money, the costs of non-compliance \u2014 either through fines or cybercrime \u2014 are considerably heftier.<\/p><p>All of this is why you won\u2019t, after all, see Huxley Bank in a web browser near you any time soon.<\/p><section class=\"w-100 large-bg-v2 py-5\"><div class=\"container my-3\"><div class=\"row align-items-center\"><div class=\"col-xs-12 col-lg-7\"><h2>Try runZero for free<\/h2><p class=\"mb-4 mt-3\">Find out what\u2019s connected to your network in less than 20 minutes.<\/p><p><a class=\"btn btn-cta\" href=\"\/try\/signup\/\">Start trial<\/a><\/p><\/div><div class=\"col-xs-12 col-lg-4 offset-lg-1 pt-5\"><img decoding=\"async\" class=\"img-fluid\" src=\"\/img\/icons\/teams.png\" alt=\"Join our team\" \/><\/div><\/div><\/div><\/section><\/div>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-8085a61 post-content elementor-widget elementor-widget-shortcode\" data-id=\"8085a61\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"shortcode.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-shortcode\">\t\t<div data-elementor-type=\"page\" data-elementor-id=\"18103\" class=\"elementor elementor-18103\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-748947f elementor-section-full_width elementor-section-height-default elementor-section-height-default\" data-id=\"748947f\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;jet_parallax_layout_list&quot;:[{&quot;jet_parallax_layout_image&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;_id&quot;:&quot;c4f773e&quot;,&quot;jet_parallax_layout_image_tablet&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_image_mobile&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_speed&quot;:{&quot;unit&quot;:&quot;%&quot;,&quot;size&quot;:50,&quot;sizes&quot;:[]},&quot;jet_parallax_layout_type&quot;:&quot;scroll&quot;,&quot;jet_parallax_layout_direction&quot;:&quot;1&quot;,&quot;jet_parallax_layout_fx_direction&quot;:null,&quot;jet_parallax_layout_z_index&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x&quot;:50,&quot;jet_parallax_layout_bg_x_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y&quot;:50,&quot;jet_parallax_layout_bg_y_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size&quot;:&quot;auto&quot;,&quot;jet_parallax_layout_bg_size_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_animation_prop&quot;:&quot;transform&quot;,&quot;jet_parallax_layout_on&quot;:[&quot;desktop&quot;,&quot;tablet&quot;]}]}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-7995c19\" data-id=\"7995c19\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-a437045 elementor-widget elementor-widget-image-box\" data-id=\"a437045\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image-box.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-image-box-wrapper\"><div class=\"elementor-image-box-content\"><h3 class=\"elementor-image-box-title\">About Version 2 Digital<\/h3><p class=\"elementor-image-box-description\">Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.\n<br><br>\nThrough an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.<\/p><\/div><\/div>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t\n\t\t<div data-elementor-type=\"page\" data-elementor-id=\"55060\" class=\"elementor elementor-55060\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-6b25dc0d elementor-section-full_width elementor-section-height-default elementor-section-height-default\" data-id=\"6b25dc0d\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;jet_parallax_layout_list&quot;:[{&quot;_id&quot;:&quot;c4f773e&quot;,&quot;jet_parallax_layout_image&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_image_tablet&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_image_mobile&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_speed&quot;:{&quot;unit&quot;:&quot;%&quot;,&quot;size&quot;:50,&quot;sizes&quot;:[]},&quot;jet_parallax_layout_type&quot;:&quot;scroll&quot;,&quot;jet_parallax_layout_direction&quot;:&quot;1&quot;,&quot;jet_parallax_layout_fx_direction&quot;:null,&quot;jet_parallax_layout_z_index&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x&quot;:50,&quot;jet_parallax_layout_bg_x_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y&quot;:50,&quot;jet_parallax_layout_bg_y_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size&quot;:&quot;auto&quot;,&quot;jet_parallax_layout_bg_size_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_animation_prop&quot;:&quot;transform&quot;,&quot;jet_parallax_layout_on&quot;:[&quot;desktop&quot;,&quot;tablet&quot;]}]}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-3cc1b37d\" data-id=\"3cc1b37d\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-52c4a230 elementor-widget elementor-widget-text-editor\" data-id=\"52c4a230\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><strong>About runZero<\/strong><br \/>runZero, a network discovery and asset inventory solution, was founded in 2018 by HD Moore, the creator of Metasploit. HD envisioned a modern active discovery solution that could find and identify everything on a network\u2013without credentials. As a security researcher and penetration tester, he often employed benign ways to get information leaks and piece them together to build device profiles. Eventually, this work led him to leverage applied research and the discovery techniques developed for security and penetration testing to create runZero.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>Have you ever thought about what it would be like to op [&hellip;]<\/p>\n","protected":false},"author":149011790,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[976,1273,61],"tags":[977,1272],"class_list":["post-75460","post","type-post","status-publish","format-standard","hentry","category-runzero","category-1273","category-press-release","tag-runzero","tag-1272"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.3 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Why is cybersecurity compliance challenging for financial institutions? - Version 2<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.runzero.com\/blog\/finance-compliance-challenges\/\" \/>\n<meta property=\"og:locale\" content=\"zh_HK\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Why is cybersecurity compliance challenging for financial institutions? - Version 2\" \/>\n<meta property=\"og:description\" content=\"Have you ever thought about what it would be like to op [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.runzero.com\/blog\/finance-compliance-challenges\/\" \/>\n<meta property=\"og:site_name\" content=\"Version 2\" \/>\n<meta property=\"article:published_time\" content=\"2024-02-08T09:27:11+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/version-2.com\/wp-content\/uploads\/2020\/04\/blog-v2-logo.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"250\" \/>\n\t<meta property=\"og:image:height\" content=\"70\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"tracylamv2\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"\u4f5c\u8005\" \/>\n\t<meta name=\"twitter:data1\" content=\"tracylamv2\" \/>\n\t<meta name=\"twitter:label2\" content=\"\u9810\u8a08\u95b1\u8b80\u6642\u9593\" \/>\n\t<meta name=\"twitter:data2\" content=\"9 \u5206\u9418\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.runzero.com\\\/blog\\\/finance-compliance-challenges\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/2024\\\/02\\\/why-is-cybersecurity-compliance-challenging-for-financial-institutions\\\/\"},\"author\":{\"name\":\"tracylamv2\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/person\\\/011bc7c3731c930bcfeecd52fefb6365\"},\"headline\":\"Why is cybersecurity compliance challenging for financial institutions?\",\"datePublished\":\"2024-02-08T09:27:11+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/2024\\\/02\\\/why-is-cybersecurity-compliance-challenging-for-financial-institutions\\\/\"},\"wordCount\":1810,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#organization\"},\"keywords\":[\"runZero\",\"2024\"],\"articleSection\":[\"runZero\",\"2024\",\"Press Release\"],\"inLanguage\":\"zh-HK\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.runzero.com\\\/blog\\\/finance-compliance-challenges\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/version-2.com\\\/2024\\\/02\\\/why-is-cybersecurity-compliance-challenging-for-financial-institutions\\\/\",\"url\":\"https:\\\/\\\/www.runzero.com\\\/blog\\\/finance-compliance-challenges\\\/\",\"name\":\"Why is cybersecurity compliance challenging for financial institutions? - Version 2\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#website\"},\"datePublished\":\"2024-02-08T09:27:11+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.runzero.com\\\/blog\\\/finance-compliance-challenges\\\/#breadcrumb\"},\"inLanguage\":\"zh-HK\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.runzero.com\\\/blog\\\/finance-compliance-challenges\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.runzero.com\\\/blog\\\/finance-compliance-challenges\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"\u9996\u9801\",\"item\":\"https:\\\/\\\/version-2.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Why is cybersecurity compliance challenging for financial institutions?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#website\",\"url\":\"https:\\\/\\\/version-2.com\\\/zh\\\/\",\"name\":\"Version 2\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/version-2.com\\\/zh\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"zh-HK\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#organization\",\"name\":\"Version 2\",\"url\":\"https:\\\/\\\/version-2.com\\\/zh\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-HK\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/i0.wp.com\\\/version-2.com\\\/wp-content\\\/uploads\\\/2020\\\/08\\\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1\",\"contentUrl\":\"https:\\\/\\\/i0.wp.com\\\/version-2.com\\\/wp-content\\\/uploads\\\/2020\\\/08\\\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1\",\"width\":1795,\"height\":335,\"caption\":\"Version 2\"},\"image\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/person\\\/011bc7c3731c930bcfeecd52fefb6365\",\"name\":\"tracylamv2\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-HK\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/9d01d79cbfd8b2e878f5d701a362cc9fca466d33fec977b59706c23c1a2db15c?s=96&d=identicon&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/9d01d79cbfd8b2e878f5d701a362cc9fca466d33fec977b59706c23c1a2db15c?s=96&d=identicon&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/9d01d79cbfd8b2e878f5d701a362cc9fca466d33fec977b59706c23c1a2db15c?s=96&d=identicon&r=g\",\"caption\":\"tracylamv2\"},\"url\":\"https:\\\/\\\/version-2.com\\\/zh\\\/author\\\/tracylamv2\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Why is cybersecurity compliance challenging for financial institutions? - Version 2","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.runzero.com\/blog\/finance-compliance-challenges\/","og_locale":"zh_HK","og_type":"article","og_title":"Why is cybersecurity compliance challenging for financial institutions? - Version 2","og_description":"Have you ever thought about what it would be like to op [&hellip;]","og_url":"https:\/\/www.runzero.com\/blog\/finance-compliance-challenges\/","og_site_name":"Version 2","article_published_time":"2024-02-08T09:27:11+00:00","og_image":[{"width":250,"height":70,"url":"https:\/\/version-2.com\/wp-content\/uploads\/2020\/04\/blog-v2-logo.jpg","type":"image\/jpeg"}],"author":"tracylamv2","twitter_card":"summary_large_image","twitter_misc":{"\u4f5c\u8005":"tracylamv2","\u9810\u8a08\u95b1\u8b80\u6642\u9593":"9 \u5206\u9418"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.runzero.com\/blog\/finance-compliance-challenges\/#article","isPartOf":{"@id":"https:\/\/version-2.com\/2024\/02\/why-is-cybersecurity-compliance-challenging-for-financial-institutions\/"},"author":{"name":"tracylamv2","@id":"https:\/\/version-2.com\/zh\/#\/schema\/person\/011bc7c3731c930bcfeecd52fefb6365"},"headline":"Why is cybersecurity compliance challenging for financial institutions?","datePublished":"2024-02-08T09:27:11+00:00","mainEntityOfPage":{"@id":"https:\/\/version-2.com\/2024\/02\/why-is-cybersecurity-compliance-challenging-for-financial-institutions\/"},"wordCount":1810,"commentCount":0,"publisher":{"@id":"https:\/\/version-2.com\/zh\/#organization"},"keywords":["runZero","2024"],"articleSection":["runZero","2024","Press Release"],"inLanguage":"zh-HK","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.runzero.com\/blog\/finance-compliance-challenges\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/version-2.com\/2024\/02\/why-is-cybersecurity-compliance-challenging-for-financial-institutions\/","url":"https:\/\/www.runzero.com\/blog\/finance-compliance-challenges\/","name":"Why is cybersecurity compliance challenging for financial institutions? - Version 2","isPartOf":{"@id":"https:\/\/version-2.com\/zh\/#website"},"datePublished":"2024-02-08T09:27:11+00:00","breadcrumb":{"@id":"https:\/\/www.runzero.com\/blog\/finance-compliance-challenges\/#breadcrumb"},"inLanguage":"zh-HK","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.runzero.com\/blog\/finance-compliance-challenges\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.runzero.com\/blog\/finance-compliance-challenges\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"\u9996\u9801","item":"https:\/\/version-2.com\/"},{"@type":"ListItem","position":2,"name":"Why is cybersecurity compliance challenging for financial institutions?"}]},{"@type":"WebSite","@id":"https:\/\/version-2.com\/zh\/#website","url":"https:\/\/version-2.com\/zh\/","name":"Version 2","description":"","publisher":{"@id":"https:\/\/version-2.com\/zh\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/version-2.com\/zh\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"zh-HK"},{"@type":"Organization","@id":"https:\/\/version-2.com\/zh\/#organization","name":"Version 2","url":"https:\/\/version-2.com\/zh\/","logo":{"@type":"ImageObject","inLanguage":"zh-HK","@id":"https:\/\/version-2.com\/zh\/#\/schema\/logo\/image\/","url":"https:\/\/i0.wp.com\/version-2.com\/wp-content\/uploads\/2020\/08\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1","contentUrl":"https:\/\/i0.wp.com\/version-2.com\/wp-content\/uploads\/2020\/08\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1","width":1795,"height":335,"caption":"Version 2"},"image":{"@id":"https:\/\/version-2.com\/zh\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/version-2.com\/zh\/#\/schema\/person\/011bc7c3731c930bcfeecd52fefb6365","name":"tracylamv2","image":{"@type":"ImageObject","inLanguage":"zh-HK","@id":"https:\/\/secure.gravatar.com\/avatar\/9d01d79cbfd8b2e878f5d701a362cc9fca466d33fec977b59706c23c1a2db15c?s=96&d=identicon&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/9d01d79cbfd8b2e878f5d701a362cc9fca466d33fec977b59706c23c1a2db15c?s=96&d=identicon&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/9d01d79cbfd8b2e878f5d701a362cc9fca466d33fec977b59706c23c1a2db15c?s=96&d=identicon&r=g","caption":"tracylamv2"},"url":"https:\/\/version-2.com\/zh\/author\/tracylamv2\/"}]}},"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/pbQRKm-jD6","post_mailing_queue_ids":[],"_links":{"self":[{"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/posts\/75460","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/users\/149011790"}],"replies":[{"embeddable":true,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/comments?post=75460"}],"version-history":[{"count":13,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/posts\/75460\/revisions"}],"predecessor-version":[{"id":75473,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/posts\/75460\/revisions\/75473"}],"wp:attachment":[{"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/media?parent=75460"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/categories?post=75460"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/tags?post=75460"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}