Good day. The European Commission proposed legislation that would stop banks and financial firms from using tech services that present known cybersecurity risks. Regulators would have the authority to require banks to suspend or stop using a company’s services if the flaws aren’t fixed, WSJ Pro’s Catherine Stupp reports.
Universal Health Services restores network after cyberattack and is still reconnecting applications; retailer H&M fined $41.6 million for privacy abuses; China tells World Trade Organization that TikTok and WeChat bans violate cross-border trade rules.
Also today: Cybersecurity jobs of the future.
EU seeks authority to cut off banks’ tech suppliers if they are found wanting on cybersecurity. Banks and other financial institutions could be forced to cut ties with cloud providers and other technology suppliers under a draft European Union regulation that aims to limit cybersecurity risks to the sector.
National regulators in EU countries could require banks to stop using external technology services if their providers fail to fix cybersecurity problems identified in government inspections. The bill goes beyond existing European legislation mandating cybersecurity rules for the finance sector by requiring technology suppliers to also undergo regulatory scrutiny.
Under the proposed rules, authorities can recommend cybersecurity changes to technology providers, which must respond within 30 days on whether they plan to follow the recommendations. Regulators would then monitor whether financial firms have taken those risks into consideration, and can require them to suspend or stop using a company’s services.
“It could be a massive, massive headache.”
— Richard Parlour, chief executive of law firm Financial Markets Law International, on the proposed EU regulation
Regulators’ decisions to stop banks from using certain suppliers will depend on several factors, including how serious their cybersecurity problems are and whether they have enabled financial crime, the proposal says.
Your Future Job
Cyber threats have moved off the computer and into just about every facet of day-to-day life. WSJ’s Future of Everything looks at some professions that could emerge to help.
Deepfake Analyst. Large organizations, news companies and courts will hire experts who use the latest technologies to spot instances where someone’s face, voice or movements have been altered using artificial intelligence. The analysts’ toolbox will need to include fact-checking, contextual analysis and visual investigative skills.
Driverless-Car Security Specialist. These experts will help secure technologies specific to autonomous vehicles—such as lidar sensors, which procure a 3-D laser view of the environment—and will monitor fleets once they hit the road, responding to software-related incidents in real time.
Implanted-Device Guardian. These experts will have some medical background and will know about the latest cyber threats and malware. Just as we consult physicians for routine checkups, we might visit our guardians several times a year to assess our implants’ vulnerabilities through tailored body scans.
Anti-Cheat Referee. Unscrupulous gamers exploit bugs and cheat to enrich themselves, trading fictional money against hard cash. Anti-cheat referees will complement AI to track down suspicious behavior, thinking as developers to identify flaws in the game. While referees exist today, their skills will evolve to draw heavily on economics and psychology to identify abusers and ban players who cheat en masse.
Chief Identity and Digital Officer. The focus: make sure users accessing a firm’s platforms are who they say they are. These officers will promote the latest verification technologies—unlocking a smartphone by pressing your ear across the screen, for example—to employees, suppliers and contractors. Some of these responsibilities now fall to chief information security officers but pandemic-inspired remote-work policies will reshape how employees access workplaces.
More Cyber News
Universal Health Services restores network after cyberattack. The hospital chain, in an update Monday, said its computer network is back online and all inpatient facilities are reconnected. The UHS technology team is working to reconnect applications. Facilities not yet online continue to use backup procedures, the company said: “Patient care continues to be delivered safely and effectively at our facilities across the country.” UHS, one of the nation’s largest hospital chains, diverted ambulances and canceled surgeries because of a Sept. 27 cyberattack that experts said was ransomware, WSJ reported at the time.
Retailer H&M fined $41.6 million for privacy violations. The Hamburg Commissioner for Data Protection and Freedom of Information said H&M’s service center in Nuremberg, Germany, kept detailed files on employees’ religious beliefs, health, families and other details, the BBC reports. The 60 gigabytes of records included information gleaned by managers since at least 2014 in chats with several hundred employees and were used to make employment decisions. The collection was revealed when the data became accessible companywide for several hours in October 2019 due to a configuration error, the regulator said, and amounts to an “intensive encroachment on employees’ civil rights.”
Mea culpa: “H&M takes full responsibility and wishes to make an unreserved apology to the employees at the service centre in Nuremberg,” the company said in a statement. H&M said it has made personnel changes at the management level, created a privacy oversight position and made other changes.
Trump’s TikTok, WeChat ban breaks WTO rules, China says. Orders by President Trump to block the apps violate the principles of cross-border business trade, a delegate from China said at a closed-door meeting of the World Trade Organization, Reuters reports. U.S. representatives reiterated Mr. Trump’s contention that the apps present national-security risks. China didn’t file an official complaint with the WTO.