Hackers may have found a way to commercialize their services as individuals begin to seek “hackers for hire” to carry out low-profile cyberintrusions. In other recent governance, risk and compliance (GRC) news, President Barack Obama has introduced proposals to strengthen companies’ customer data governance processes, and new research finds that regulatory compliance costs and intricacies prove difficult for small and medium-sized asset management firms to tackle.
Website offers hackers for hire, toes the legal line
A new website called Hacker’s List opened for business in November, offering hackers’ services to people looking to accomplish various acts of low-profile hacking, The New York Times reported. The hacking jobs range from gaining access to email or social media accounts, to removing embarrassing photos or stories from a website, to changing a school grade, to obtaining client lists from a competitor’s database.
The website matches hackers with clients by having both parties bid on any of more than 500 hacking jobs posted on the site. The deed is then done anonymously. Offers from clients all over the globe have ranged from $100 to $5,000.
Whether Hacker’s List violates any laws is difficult to discern. The site’s founders argue that they are exempt from legal liability because they don’t explicitly encourage any illegal acts, and because the website requires users to agree to terms and conditions that forbid the use of the site for illegal purposes. However, some of the jobs posted on Hacker’s List, such as hacking into someone’s email account, are illegal.
President Obama calls for new data privacy laws
President Obama has unveiled a new set of proposals that will govern how companies collect, protect and use customers’ data. The suggested Consumer Privacy Bill of Rights legislation would require companies to inform customers within 30 days if their information has been stolen, make it illegal to sell customers’ identities overseas, and mandate protection of students’ personal data.
President Obama urged Congress to pass the legislation, calling identity theft and other types of cyberattacks “a direct threat to the economic security” of U.S. citizens. Currently, different states have different disclosure regulations, some of which date back 10 years. According to the National Conference of State Legislators, most of these laws only cover certain types of personal information, such as Social Security numbers and driver’s license numbers.
While this is a promising step toward pushing security and privacy to the forefront, Adam Levin, chairman of Credit.com and Identity Theft 911, asserts in an opinion piece that the legislation doesn’t provide a clear roadmap for addressing the widespread vulnerabilities that exist in many federal agencies. A recent study of the Defense Department’s security programs and practices found that many of these agencies lack effective guidelines. These lacking processes have resulted in incidents such as the hacking of the U.S. Army Corps of Engineers’ network and the breach of the Federal Communications Commission’s emergency broadcast system.
Shortly after President Obama’s announcement, New York Attorney General Eric Schneiderman proposed a data security bill to curb increasing incidents of identity theft. The new law broadens the definition of personal information to include any data that grants access to online accounts.
Regulatory compliance costs hinder startup asset management firms
Small and medium-sized investment firms are held back by the costs and complexities of compliance, according to research by think tank New City Initiative. Regulatory costs not only make it more difficult to enter the asset management field and compete with the largest firms, but are also potentially detrimental to clients by limiting their investment options, the research found.
Regulatory compliance can serve as a competitive advantage for large institutions because they are able to staff in-house lawyers, while startups have to resort to hiring third-party consultants. Additionally, the several months it takes for the Financial Conduct Authority to process an application is an extra obstacle for smaller firms as they struggle to earn revenue in the interim, the research found. These heightened costs associated with increased regulations could ultimately stifle innovation in the asset management industry, said Stephen Black, co-founder of Tier One Capital.