Blog, Financial Services, Security and Training

NYDFS releases major update to Part 500 cybersecurity requirements for financial services companies

Data Protection Report

NOVEMBER 8, 2023

On November 1, 2023, the New York Department of Financial Services (“NYDFS”) released the finalized amendments of Part 500 of its cybersecurity regulations. Covered entities shall also provide at least annual training and cybersecurity awareness programs that anticipate social engineering attacks (500.14).

Financial Services

Financial Services Cybersecurity Compliance Government

GUEST ESSAY: Why internal IT teams are ill-equipped to adequately address cyber risks

The Last Watchdog

FEBRUARY 11, 2024

Related: The case for augmented reality training Because of this, cybersecurity investments and regulatory oversight are increasing at an astounding rate , especially for those in the financial services industry, bringing an overwhelming feeling to chief compliance officers without dedicated security teams.

Risk

Risk IT Financial Services Cybersecurity

The Financial Service and Insurance Industries Need Intelligent Document Processing; Here’s Why

Rocket Software

MARCH 14, 2022

Analyst firm IDC recently published a Vendor Spotlight report featuring ASG Mobius Content Services (Mobius) and its applications in the financial service and insurance industries. Going forward, businesses need to fill these gaps with the right solutions to manage critical information assets securely and effectively.

Financial Services

Financial Services Insurance Digital transformation Paper

New York Department of Financial Services Issues First Guidance by a U.S. Regulator Concerning Cyber Insurance

Data Matters

FEBRUARY 10, 2021

On February 4, 2021, the New York Department of Financial Services (NYDFS) issued Circular Letter No. This includes not only recruitment of those with cybersecurity experience and skills but a commitment by insurers to these employees’ training and development so as to “properly understand and evaluate cyber risk.”. 1 See W.B.

Insurance

Insurance Financial Services Cybersecurity Risk

Historic Charges: First Enforcement Action Filed by New York Department of Financial Services Under Cybersecurity Regulation

Data Matters

AUGUST 19, 2020

On July 21, 2020, the New York State Department of Financial Services (NYDFS or the Department) issued a statement of charges and notice of hearing (the Statement) against First American Title Insurance Company (First American) for violations of the Department’s Cybersecurity Requirements for Financial Services Companies, 23 N.Y.C.R.R.

Financial Services

Financial Services Cybersecurity Insurance Risk

NYDFS Updates Its Cybersecurity Regulation to Protect Against Growing Cyber Threats

Hunton Privacy

NOVEMBER 8, 2023

On November 1, 2023, New York Governor Hochul announced that the New York State Department of Financial Services (“NYDFS”) amended its Cybersecurity Regulation applicable to covered financial institutions. Our previous blog post covered key proposed changes to the Cyber Regulation.

Cybersecurity

Cybersecurity IT Compliance Financial Services

Finance sector must simplify staff awareness training

IT Governance

APRIL 11, 2019

Financial services firms must do more to educate employees about cyber security, according to the FCA (Financial Conduct Authority). What should financial organisations be doing? Organisations need to make staff awareness training a board-level priority. Staff awareness training is a crucial part of this.

Retail

Retail Risk Education Financial Services

The convergence of HPC and AI: Driving innovation at speed

IBM Big Data Hub

APRIL 5, 2024

As an integrated solution across critical components of computing, network, storage and security, the platform aims to assist enterprises in addressing regulatory and efficiency demands. Automotive manufacturers, having a wealth of data related to existing designs, can use these large bodies of data to train AI models.

Computer and Electronics

Computer and Electronics Artificial Intelligence Financial Services Manufacturing

Confidential Containers with Red Hat OpenShift Container Platform and IBM® Secure Execution for Linux

IBM Big Data Hub

JANUARY 10, 2024

Hybrid cloud has become the dominant approach for enterprise cloud strategies , but it comes with complexity and concerns over integration, security and skills. Hybrid cloud is also forcing a significant rethinking of how to secure and protect data and assets.

Security

Security Cloud Data Privacy Financial Services

Catches of the Month: Phishing Scams for October 2023

IT Governance

OCTOBER 13, 2023

October is both Cybersecurity Awareness Month in the US and European Cyber Security Month in the EU – twin campaigns on either side of the Atlantic that aim to improve awareness of the importance of cyber security both at work and at home, and provide tips on how to stay secure.

Phishing

Phishing Financial Services Manufacturing Personal data

The Week in Cyber Security and Data Privacy: 22 – 28 April 2024

IT Governance

APRIL 29, 2024

Keyboard app vulnerabilities reveal keystrokes to network eavesdroppers Security researchers have identified critical security vulnerabilities in Cloud-based pinyin keyboard apps from Baidu, Inc., We identified certain accounts that we believe are affiliated with the Spy.pet website, which we have subsequently banned.”

Data Privacy

Data Privacy Privacy Manufacturing Security

CyberheistNews Vol 13 #22 [Eye on Fraud] A Closer Look at the Massive 72% Spike in Financial Phishing Attacks

KnowBe4

MAY 31, 2023

That's right – the financial services industry, at least according to cybersecurity vendor Armorblox's 2023 Email Security Threat Report. Blog post with links: [link] [Live Demo] Ridiculously Easy Security Awareness Training and Phishing Old-school awareness training does not hack it anymore.

Phishing

Phishing File names Security awareness Risk

5 things to know: Driving innovation with AI and hybrid cloud in the year ahead

IBM Big Data Hub

DECEMBER 18, 2023

For organizations of all types—and especially those in highly regulated industries such as financial services, government, healthcare and telco—considerations including the rise of generative AI, evolving regulations and data sovereignty laws and ongoing security challenges must be top of mind.

Cloud

Cloud Financial Services Compliance Digital transformation

5 things to know: IBM Cloud’s mission to accelerate innovation for clients

IBM Big Data Hub

AUGUST 1, 2023

We are bringing the power of foundation models with the availability of a GPU as a service on IBM Cloud offering to help organizations tap into artificial intelligence (AI) in a secured environment while aiming to mitigate third- and fourth-party risk.

Financial Services

Financial Services Computer and Electronics Cloud Digital transformation

MY TAKE: Why companies and consumers must collaborate to stop the plundering of IoT systems

The Last Watchdog

NOVEMBER 9, 2020

IoT devices help remotely control our household appliances, power plants, smart buildings, factories, airports, shipyards, trucks, trains and military. The challenge of the moment is that many companies already have their hands full trying to improve their security posture as they migrate their legacy, on premises, IT systems to the cloud.

IoT

IoT Passwords Artificial Intelligence Risk

Capital Markets, AI, and the need for governance

Collibra

OCTOBER 31, 2023

With every financial services organization focused on making better and faster decisions, data professional and business leaders are eager to better understand how AI can facilitate their strategic goals. Financial services orgs, especially those in capital markets, frequently has been on the forefront of generative AI investment.

Marketing

Marketing Government Financial Services Artificial Intelligence

Risk Management under the DORA Regulation

IT Governance

NOVEMBER 23, 2023

The financial sector is quite heavily regulated, and involves a lot of confidential data. You’d therefore expect that the sector fares better at data security than your average organisation. Perhaps even more concerning to EU lawmakers is how dependent society at large is on banking and other financial services.

Risk

Risk Data breaches Authentication Financial Services

CyberheistNews Vol 13 #07 [Scam of the Week] The Turkey-Syria Earthquake

KnowBe4

FEBRUARY 14, 2023

Blog post with links: [link] [New PhishER Feature] Immediately Add User-Reported Email Threats to Your M365 Blocklist Now there's a super easy way to keep malicious emails away from all your users through the power of the KnowBe4 PhishER platform! Blog post with links: [link] Are Your Users Making Risky Security Mistakes?

Phishing

Phishing Security awareness Compliance Risk

CyberheistNews Vol 13 #25 [Fingerprints All Over] Stolen Credentials Are the No. 1 Root Cause of Data Breaches

KnowBe4

JUNE 20, 2023

Blog post with links: [link] [New PhishER Feature] Immediately Add User-Reported Email Threats to Your M365 Blocklist Now there's a super easy way to keep malicious emails away from all your users through the power of the KnowBe4 PhishER platform! Train them not to fall for bogus job offers. million simulated phishing security tests.

Data breaches

Data breaches Phishing Security awareness Ransomware

CyberheistNews Vol 13 #13 [Eye Opener] How to Outsmart Sneaky AI-Based Phishing Attacks

KnowBe4

MARCH 28, 2023

Security awareness training still has a place to play here." Email and other elements of software infrastructure offer built-in fundamental security that largely guarantees we are not in danger until we ourselves take action," Tyson writes. Get a look at THREE NEW FEATURES and see how easy it is to train and phish your users.

Phishing

Phishing Security awareness Insurance Cybersecurity

The Week in Cyber Security and Data Privacy: 8 – 14 January 2024

IT Governance

JANUARY 16, 2024

Securities and Exchange Commission Source 1 ; source 2 (New) Public USA No 0 NETGEAR Source (New) Telecoms USA No 0 Note 1: ‘New’/‘Update’ in the first column refers to whether this breach was first publicly disclosed this week, or whether a significant update was released this week.

Data Privacy

Data Privacy Privacy Manufacturing Retail

At IBM Think, partners are front and center

IBM Big Data Hub

MAY 9, 2023

It’s why we gave partners access to the same training and enablement as IBMers last year, launched a new partner program in January, and continue investing in and growing the IBM Ecosystem. It led to considerable cost savings and freed their engineers to focus on what they do best – developing secure software for clients. 

Cloud

Cloud Financial Services Marketing IT

The Week in Cyber Security and Data Privacy: 15 – 21 January 2024

IT Governance

JANUARY 23, 2024

Publicly disclosed data breaches and cyber attacks: in the spotlight More than 70 million email addresses added to Have I Been Pwned The security researcher Troy Hunt has added more than 70 million email addresses from the Naz.API data set to his Have I Been Pwned data breach notification service. VF Corporation confirms 35.5

Data Privacy

Data Privacy Privacy Manufacturing Retail

The aftermath of an incident – business considerations surrounding record-keeping

Data Protection Report

AUGUST 2, 2022

Organizations should also be aware of sector-specific statutory obligations which may apply to them, for example in health or financial services industries. M&A and Securities law. The authors would like to thank Marilou Bouthiette, law student, for her help in preparing this blog post.

Compliance

Compliance Privacy Risk Financial Services

Conversational AI use cases for enterprises

IBM Big Data Hub

FEBRUARY 23, 2024

DL models can improve over time through further training and exposure to more data. HR and internal processes: Conversational AI applications streamline HR operations by addressing FAQs quickly, facilitating smooth and personalized employee onboarding, and enhancing employee training programs. AI training is a continuous process.

Analytics

Analytics Artificial Intelligence Marketing Education

The compliance challenges of hybrid working

IT Governance

AUGUST 26, 2021

In this blog, we look at the key issues that you will face. For example, financial services firms may be worried about employees breaching insider trading laws. However, to meet your compliance requirements, you need to conduct regular staff awareness training to help employees respond appropriately.

Compliance

Compliance Data breaches Privacy Risk

The US government sanctioned four entities and one individual for supporting cyber operations conducted by North Korea

Security Affairs

MAY 24, 2023

Cyber security and intelligence experts believe that attacks aimed at the cryptocurrency industry will continue to increase next year. Data published by the National Intelligence Service agency confirms a report published by South Korean media outlet Chosun early this year that revealed North Korean threat actors have stolen around $1.7

Government

Government Military Financial Services IT

SEC Announces Settled Charges Against First American for Cybersecurity Disclosure Controls Failures – Lessons Learned

Data Matters

JUNE 24, 2021

In the Order, the SEC alleges that First American’s disclosures concerning the vulnerability were deficient because senior executives were not provided all available and relevant information, specifically that First American’s information security personnel had identified and failed to remediate the vulnerability months earlier in January 2019.

Cybersecurity

Cybersecurity Financial Services Risk Compliance

Attackers Use Bots to Circumvent Some Two-Factor Authentication Systems

eSecurity Planet

SEPTEMBER 30, 2021

Underground services are cropping up that are designed to enable bad actors to intercept one-time passwords (OTPs), which are widely used in two-factor authentication programs whose purpose is to better protect customers’ online accounts. By using the services, cybercriminals can gain access to victims’ accounts to steal money.

Authentication

Authentication Phishing Financial Services Passwords

Who’s Behind the ‘Web Listings’ Mail Scam?

Krebs on Security

MARCH 23, 2020

” Historic WHOIS registration records from Domaintools [an advertiser on this blog] say Weblistingsinc.org was registered in Nov. According to Farsight Security , a company that keeps historic records of which Web sites were hosted at which Internet addresses, Weblistingsinc.org was for a while hosted at the IP address 68.169.45.65

Sales

Sales Marketing Financial Services IT

Developments in Health Privacy and Cybersecurity Policy and Regulation: OCR Issues Cybersecurity Warnings and New Health Data Legislation Is Introduced

Data Matters

MARCH 28, 2022

OCR concludes most cyber-attacks could be prevented or substantially mitigated if HIPAA covered entities and business associates implemented HIPAA Security Rule requirements to address the most common types of attacks. implement a security awareness and training program for all workforce members pursuant to the HIPAA Security Rule.

Cybersecurity

Cybersecurity Privacy Insurance Risk

How Jamworks protects confidentiality while integrating AI advantages

IBM Big Data Hub

JANUARY 12, 2024

For enterprises dealing with sensitive information, it is vital to maintain state-of-the-art data security in order to reap the rewards,” says Stuart Winter, Executive Chairman and Co-Founder at Lacero Platform Limited, Jamworks and Guardian. . “AI is driving a revolution in education, accessibility and productivity.

Cloud

Cloud Data Privacy Encryption Privacy

DOL Puts Plan Sponsors and Other Fiduciaries on Notice: ERISA Requires Appropriate Precautions to Mitigate Cybersecurity Threats

Data Matters

APRIL 20, 2021

The Cybersecurity Guidance is directed at plan sponsors and fiduciaries regulated by the Employee Retirement Income Security Act of 1974 (ERISA) as well as plan participants and beneficiaries. Online Security Tips for plan participants and beneficiaries. Considerations for Plan Sponsors and Other Fiduciaries.

Cybersecurity

Cybersecurity Insurance Risk Compliance

Turning climate risks into business opportunities

IBM Big Data Hub

MARCH 27, 2024

In some business sectors, such as financial services, fast-moving consumer goods and healthcare, business interruptions can have a significant detrimental impact on daily life. Discover how to create a climate risk adaptation strategy The post Turning climate risks into business opportunities appeared first on IBM Blog.

Risk

Risk Artificial Intelligence Agriculture Financial Services

The most valuable AI use cases for business

IBM Big Data Hub

FEBRUARY 14, 2024

But right now, pure AI can be programmed for many tasks that require thought and intelligence , as long as that intelligence can be gathered digitally and used to train an AI system. Generative AI can produce high-quality text, images and other content based on the data used for training. We’re all amazed by what AI can do.

Artificial Intelligence

Artificial Intelligence Retail Unstructured data Insurance

The CFO’s role in the age of generative AI

IBM Big Data Hub

MAY 14, 2024

The IBM Institute for Business Value CEO study on decision-making in the age of AI found the top priorities for CEOs are technology modernization and productivity, while the three biggest challenges are technology modernization, sustainability and security.

Unstructured data

Unstructured data Government Cloud Analytics

The Privacy Officers’ New Year’s Resolutions

Data Protection Report

JANUARY 6, 2020

The Advocate General (AG) delivered his non-binding opinion on the SCCs just before Christmas (see our blog post ). On 20 December, the ICO updated its blog post explaining the work that it has been doing in this area and how it is considering next steps and “evaluating all of the options available”. In the U.S.,

Privacy

Privacy GDPR Data breaches Risk

Transition period under New York Cybersecurity Regulation ends March 1, 2019

Data Protection Report

JANUARY 7, 2019

The two-year transitional period under the New York State Department of Financial Services (“DFS””) Cybersecurity Regulation , 23 NYCRR 500 (the “Regulation”), will expire on March 1, 2019, with the final remaining requirement becoming effective. Third-party service provider risk management program.

Cybersecurity

Cybersecurity Compliance Financial Services Risk

FTC Seeks Comment on Proposed Changes to its GLBA Safeguards and Privacy Rules

Data Matters

MARCH 12, 2019

Over the last few years, States have enacted increasingly aggressive legislation concerning data privacy and security, raising concerns that companies will be subject to a patchwork of different standards. Aligning the Safeguards Rule with State Regimes.

Privacy

Privacy IT Information Security Insurance

6 Best Threat Intelligence Feeds to Use in 2023

eSecurity Planet

AUGUST 10, 2023

Here are our picks for the top threat intelligence feeds that security teams should consider adding to their defensive arsenal: AlienVault Open Threat Exchange: Best for community-driven threat feeds FBI InfraGard: Best for critical infrastructure security abuse.ch

Cybersecurity

Cybersecurity Access Metadata Energy and Utilities

State Attackers Moving from Stealing Data to Social Meddling

Ascent Innovations

MAY 17, 2018

While modern email security solutions can detect and stop emails with malicious attachments, they are still largely ineffective in detecting hyperlinks to malicious websites. They look to steal credit card numbers from financial services & insurance companies or install malware on the critical systems used by healthcare companies.

Energy and Utilities

Energy and Utilities IoT Mining Financial Services

U.S. Consumer Financial Protection Bureau’s Principles for Data Aggregation Services Could Have Broad Implications

Data Matters

NOVEMBER 13, 2017

Banks are often concerned about the effect of these services on their systems, the commercial value of their data and the security of the information, for which the bank could potentially be held responsible. Security: Consumer data should be accessed, stored, used and distributed securely.

Financial Services

Financial Services Privacy Access Marketing

The Privacy Officers’ New Year’s Resolutions

Data Protection Report

JANUARY 6, 2020

The Advocate General (AG) delivered his non-binding opinion on the SCCs just before Christmas (see our blog post ). On 20 December, the ICO updated its blog post explaining the work that it has been doing in this area and how it is considering next steps and “evaluating all of the options available”. In the U.S.,

Privacy

Privacy GDPR Data breaches Risk

FCA Publishes Wholesale Banks and Asset Management Cyber Multi-Firm Review Findings

Data Matters

FEBRUARY 28, 2019

The review aimed to look more closely at how wholesale banking and asset management firms oversee and manage their cybersecurity, including the extent to which firms identify and mitigate relevant cyber risks and their current capability to respond to and recover from data security incidents.

Cybersecurity

Cybersecurity Risk Marketing Financial Services

NYDFS releases major update to Part 500 cybersecurity requirements for financial services companies

GUEST ESSAY: Why internal IT teams are ill-equipped to adequately address cyber risks

Trending Sources

The Financial Service and Insurance Industries Need Intelligent Document Processing; Here’s Why

New York Department of Financial Services Issues First Guidance by a U.S. Regulator Concerning Cyber Insurance

Historic Charges: First Enforcement Action Filed by New York Department of Financial Services Under Cybersecurity Regulation

NYDFS Updates Its Cybersecurity Regulation to Protect Against Growing Cyber Threats

Finance sector must simplify staff awareness training

The convergence of HPC and AI: Driving innovation at speed

Confidential Containers with Red Hat OpenShift Container Platform and IBM® Secure Execution for Linux

Catches of the Month: Phishing Scams for October 2023

The Week in Cyber Security and Data Privacy: 22 – 28 April 2024

CyberheistNews Vol 13 #22 [Eye on Fraud] A Closer Look at the Massive 72% Spike in Financial Phishing Attacks

5 things to know: Driving innovation with AI and hybrid cloud in the year ahead

5 things to know: IBM Cloud’s mission to accelerate innovation for clients

MY TAKE: Why companies and consumers must collaborate to stop the plundering of IoT systems

Capital Markets, AI, and the need for governance

Risk Management under the DORA Regulation

CyberheistNews Vol 13 #07 [Scam of the Week] The Turkey-Syria Earthquake

CyberheistNews Vol 13 #25 [Fingerprints All Over] Stolen Credentials Are the No. 1 Root Cause of Data Breaches

CyberheistNews Vol 13 #13 [Eye Opener] How to Outsmart Sneaky AI-Based Phishing Attacks

The Week in Cyber Security and Data Privacy: 8 – 14 January 2024

At IBM Think, partners are front and center

The Week in Cyber Security and Data Privacy: 15 – 21 January 2024

The aftermath of an incident – business considerations surrounding record-keeping

Conversational AI use cases for enterprises

The compliance challenges of hybrid working

The US government sanctioned four entities and one individual for supporting cyber operations conducted by North Korea

SEC Announces Settled Charges Against First American for Cybersecurity Disclosure Controls Failures – Lessons Learned

Attackers Use Bots to Circumvent Some Two-Factor Authentication Systems

Who’s Behind the ‘Web Listings’ Mail Scam?

Developments in Health Privacy and Cybersecurity Policy and Regulation: OCR Issues Cybersecurity Warnings and New Health Data Legislation Is Introduced

How Jamworks protects confidentiality while integrating AI advantages

DOL Puts Plan Sponsors and Other Fiduciaries on Notice: ERISA Requires Appropriate Precautions to Mitigate Cybersecurity Threats

Turning climate risks into business opportunities

The most valuable AI use cases for business

The CFO’s role in the age of generative AI

The Privacy Officers’ New Year’s Resolutions

Transition period under New York Cybersecurity Regulation ends March 1, 2019

FTC Seeks Comment on Proposed Changes to its GLBA Safeguards and Privacy Rules

6 Best Threat Intelligence Feeds to Use in 2023

State Attackers Moving from Stealing Data to Social Meddling

U.S. Consumer Financial Protection Bureau’s Principles for Data Aggregation Services Could Have Broad Implications

The Privacy Officers’ New Year’s Resolutions

FCA Publishes Wholesale Banks and Asset Management Cyber Multi-Firm Review Findings

Stay Connected