Finance of America Companies (FOA), parent company of Finance of America Reverse (FAR), has enlisted the services of identity security company Spera Security to bolster its defenses against cybersecurity attacks, according to an announcement from the vendor.
“Striving to be a good steward of its customers’ data, Finance of America sought to reduce its cybersecurity risks by leveraging a solution to quickly identify deviations from [National Institute of Standards and Technology (NIST) cybersecurity framework (CSF)] guidelines and remediate other identity-related issues,” the announcement said.
The move will simplify and enhance the company’s response to cybersecurity threats, said Drew Robertson, chief information security officer (CISO) at Finance of America.
“In many organizations, security is the ‘no’ guy. We want security to empower our very innovative business leaders to do their job [securely],” Robertson said. “Spera Security enables us to see the actual data and immediately reduce identity security risks across business units without having to drill through miles of spreadsheets.”
Features of Spera’s platform include “continuous detection, analysis and prioritized remediation of identity-related issues such as orphaned accounts, over-privileged or unnecessary admin accounts and partially off-boarded user accounts,” the company said.
In a case study accompanying the announcement, Spera says that FOA’s mergers and acquisitions team is using Spera to assess the security posture of potential acquisition targets.
“A complete view and context of an organization’s identity posture can greatly accelerate the overall M&A process, improve collaboration, and reduce costs,” the case study said. “It also enables various teams to formulate security plans based on and prioritized by an accurate view of other organization’s access posture.”
Spera and FOA have cultivated a relationship that allows for a meaningful level of collaboration, said Dor Fledel, CEO and co-founder of Spera Security.
“Institutions in the mortgage and lending industry put their customer’s security and privacy as [No. 1] priority,” he told RMD in an email. “The only path to cybersecurity success is for the security vendors to form a close and meaningful partnership with their customers to ensure alignment of business priorities regarding identity security. That is the kind of relationship we’ve built with Finance of America.”
The issue of cybersecurity in the mortgage arena was recently amplified by a high-profile attack on lender and servicer Mr. Cooper. The attack compromised customer information and forced the company to lock down certain technology systems, including access to its online payment portal.
Operations partially resumed six days later, but the attack has exposed the company to additional risk. At least four consumer class-action lawsuits were filed against Mr. Cooper after disclosing the attack.