Analysis, Cybersecurity, Financial Services and Government

NYDFS releases major update to Part 500 cybersecurity requirements for financial services companies

Data Protection Report

NOVEMBER 8, 2023

On November 1, 2023, the New York Department of Financial Services (“NYDFS”) released the finalized amendments of Part 500 of its cybersecurity regulations. This notice requirement explicitly applies to cybersecurity incidents occurring to the covered entity itself, its affiliates, or a third-party service provider.

Financial Services

Financial Services Cybersecurity Compliance Government

Accelerate hybrid cloud transformation through IBM Cloud for Financial Service Validation Program

IBM Big Data Hub

APRIL 4, 2024

The cloud represents a strategic tool to enable digital transformation for financial institutions As the banking and other regulated industry continues to shift toward a digital-first approach, financial entities are eager to use the benefits of digital disruption. Most of these new technologies are born-in-cloud.

Financial Services

Financial Services Cloud Compliance Digital transformation

NYDFS Proposes Updated Second Amendment to Its Cybersecurity Regulation

Hunton Privacy

JULY 5, 2023

On June 28, 2023, the New York Department of Financial Services (“NYDFS”) published an updated proposed Second Amendment (“Amendment”) to its Cybersecurity Regulation, 23 NYCRR Part 500. As described below, senior governing bodies would have new oversight responsibilities under the amendments.

Cybersecurity

Cybersecurity IT Compliance Financial Services

Cybersecurity agencies published a joint LockBit ransomware advisory

Security Affairs

JUNE 15, 2023

According to a joint advisory published by cybersecurity agencies, the LockBit ransomware group has successfully extorted roughly $91 million in about 1,700 attacks against U.S. 16% of the State, Local, Tribal, and Tribunal (SLTT) government ransomware incidents reported to the MS-ISAC is 2022 were LockBit attacks. law enforcement).

Ransomware

Ransomware Cybersecurity Agriculture Education

What can AI and generative AI do for governments?

IBM Big Data Hub

SEPTEMBER 20, 2023

When implemented in a responsible way—where the technology is fully governed, privacy is protected and decision making is transparent and explainable—AI has the power to usher in a new era of government services. AI’s value is not limited to advances in industry and consumer products alone.

Government

Government Artificial Intelligence Privacy Digital transformation

Resecurity Released a 2024 Cyber Threat Landscape Forecast

Security Affairs

DECEMBER 26, 2023

Cybersecurity company Resecurity has published the 2024 Cyber Threat Landscape Forecast. Resecurity, a Los Angeles-based cybersecurity company protecting Fortune 100 and government agencies worldwide, has compiled a comprehensive forecast outlining the imminent threats and novel security challenges anticipated in the upcoming year.

Energy and Utilities

Energy and Utilities Artificial Intelligence Ransomware Data breaches

Was RI Advice a watershed for cybersecurity law in Australia or a damp squib?

Data Protection Report

MAY 25, 2022

Boards and organisations should assess their cybersecurity risk management activities in light of the decision and ask whether current approaches are adequately resourced and operating effectively? Despite these requirements, RI Advice’s ARs suffered nine cybersecurity incidents in the period from 2014 to 2021. Introduction.

Cybersecurity

Cybersecurity Risk Financial Services Retail

FCA sets out plans to make Big Tech a priority and provides update on its approach to AI

Data Protection Report

APRIL 23, 2024

He noted that whilst the growing emergence of Big Tech in financial services has already made life easier for consumers, it remains unclear how valuable their data will become in financial markets. cybersecurity, financial stability, interconnectedness, data concerns or market integrity).

Financial Services

Financial Services IT Marketing Retail

U.S., U.K. Sanction 7 Men Tied to Trickbot Hacking Group

Krebs on Security

FEBRUARY 9, 2023

Department of the Treasury says the Trickbot group is associated with Russian intelligence services, and that this alliance led to the targeting of many U.S. companies and government entities. In September 2021, the Kremlin issued treason charges against Ilya Sachkov , formerly head of the cybersecurity firm Group-IB.

Ransomware

Ransomware Government Cybersecurity Blockchain

FFIEC Announces Plans to Update Cybersecurity Guidance in Wake of Cybersecurity Assessments

Hunton Privacy

NOVEMBER 4, 2014

The Report summarizes themes from the assessments and provides suggested questions for chief executive officers and boards of directors to ask when assessing their institutions’ cybersecurity preparedness. In light of the assessments, the FFIEC announced that its members will review and update current FFIEC cybersecurity guidance.

Cybersecurity

Cybersecurity Financial Services Risk Government

What is a Cyberattack? Types and Defenses

eSecurity Planet

JUNE 16, 2022

However, basic cybersecurity tools and practices, like patching , strong passwords , and multi-factor authentication (MFA), “can prevent 80 to 90% of cyberattacks,” said Anne Neuberger, deputy national security advisor for cyber and emerging technologies, during a White House press conference in Sept. The average cost of a breach is $3.6

Ransomware

Ransomware Cybersecurity Phishing Encryption

Security Affairs newsletter Round 450 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

DECEMBER 17, 2023

CISA and ENISA enhance their Cooperation CISA adds Qlik bugs to exploited vulnerabilities catalog Report: 2.6 CISA and ENISA enhance their Cooperation CISA adds Qlik bugs to exploited vulnerabilities catalog Report: 2.6 CISA and ENISA enhance their Cooperation CISA adds Qlik bugs to exploited vulnerabilities catalog Report: 2.6

Security

Security Data breaches Ransomware Artificial Intelligence

Exclusive: Researchers dumped Gigabytes of data from Agent Tesla C2Cs

Security Affairs

OCTOBER 6, 2021

The majority of intercepted credentials by Agent Tesla related to financial services, online-retailers, e-government systems and personal and business e-mail accounts. . Researchers found active instances of Agent Tesla and developed a mechanism to enumerate the affected clients and extract compromised data.

Financial Services

Financial Services Retail Education Information Security

Top 10 Governance, Risk and Compliance (GRC) Vendors

eSecurity Planet

JANUARY 21, 2021

Governance, risk, and compliance (GRC) software helps businesses manage all of the necessary documentation and processes for ensuring maximum productivity and preparedness. Third-party governance. IT governance and security. Privacy governance and management. IT risk & cybersecurity management.

Compliance

Compliance Risk Government Retail

GUEST ESSAY: 5 security steps all companies should adopt from the Intelligence Community

The Last Watchdog

DECEMBER 6, 2018

And, in doing so, the IC has developed an effective set of data handling and cybersecurity best practices. This cycle takes a holistic approach to detecting and deterring external threats and enforcing best-of-class data governance procedures. Related video: Using the NIST framework as a starting point. Collection. Processing.

Security

Security Financial Services Manufacturing Data collection

6 Best Threat Intelligence Feeds to Use in 2023

eSecurity Planet

AUGUST 10, 2023

Threat intelligence feeds are continually updated streams of data that inform users of different cybersecurity threats, their sources, and any infrastructure impacted or at risk of being impacted by those threats. The massive, crowdsourced approach OTX takes limits the possibility of effective quality assurance.

Cybersecurity

Cybersecurity Access Metadata Energy and Utilities

SEC Releases Observations from Recent Cybersecurity Examinations of Broker-Dealers and Advisers

Hunton Privacy

FEBRUARY 6, 2015

On February 3, 2015, the Securities and Exchange Commission (“SEC”) released a Risk Alert , entitled Cybersecurity Examination Sweep Summary, summarizing observations from the recent round of cybersecurity examinations of registered broker-dealers and investment advisers under the Cybersecurity Examination Initiative.

Cybersecurity

Cybersecurity Insurance Financial Services Risk

NEW TECH: This free tool can help gauge, manage third-party cyber risk; it’s called ‘VRMMM’

The Last Watchdog

JANUARY 30, 2019

Turn the corner into 2019 and we find Citigroup, CapitalOne, Wells Fargo and HSBC Life Insurance among a host of firms hitting the crisis button after their customers’ records turned up on a database of some 24 million financial and banking documents found parked on an Internet-accessible server — without so much as password protection.

Risk

Risk Financial Services Insurance Cybersecurity

Security Compliance & Data Privacy Regulations

eSecurity Planet

AUGUST 9, 2022

See the Top Governance, Risk and Compliance (GRC) Tools. Other industry standards too can have the force of “pseudo-law” – notably, the NIST Cybersecurity Framework, which federal regulators often apply to financial-services firms and government contractors. PIPL Raises the Bar – And the Stakes.

Data Privacy

Data Privacy Compliance Privacy Security

Hundreds of malicious Chrome browser extensions used to spy on you!

Security Affairs

JUNE 20, 2020

Malicious Chrome browser extensions were used in a massive surveillance campaign aimed at users working in the financial services, oil and gas, media and entertainment, healthcare, government organizations, and pharmaceuticals. ” reads the analysis published by Awake Security.

Healthcare

Healthcare Financial Services Communications Security

Recently disclosed Drupal CVE-2019-6340 RCE flaw exploited in the wild

Security Affairs

FEBRUARY 26, 2019

.” reads the technical analysis published by Ambionics security. ” Cybersecurity experts at Imperva observed hundreds of attacks against its customers exploiting the CVE-2019-6340 flaw on February 23. ” reads the analysis published by Imperva. ” reads the post from Imperva.

Financial Services

Financial Services CMS Government Security

The Week in Cyber Security and Data Privacy: 6 – 12 November 2023

IT Governance

NOVEMBER 13, 2023

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. The post The Week in Cyber Security and Data Privacy: 6 – 12 November 2023 appeared first on IT Governance UK Blog. In the meantime, if you missed it, check out last week’s round-up.

Data Privacy

Data Privacy Privacy Security Data breaches

New York Regulators Call on Insurers to Strengthen the Cyber Underwriting Process

Hunton Privacy

FEBRUARY 25, 2021

As reported on the Hunton Insurance Recovery blog , on February 4, 2021, the New York Department of Financial Services (“NYDFS”), which regulates the business of insurance in New York, has issued guidelines, in the Insurance Circular Letter No. billion were made under property/casualty policies that were silent about cyber risks.

Insurance

Insurance Cybersecurity Risk Education

Top GRC Tools & Software for 2021

eSecurity Planet

JANUARY 21, 2021

Governance, risk, and compliance (GRC) software helps businesses manage all of the necessary documentation and processes for ensuring maximum productivity and preparedness. Third-party governance. IT governance and security. Privacy governance and management. IT risk & cybersecurity management.

Compliance

Compliance Risk Government Retail

Top 12 Cloud Security Best Practices for 2021

eSecurity Planet

SEPTEMBER 10, 2021

CloudPassage’s 2021 AWS Cloud Security Report found that misconfiguration of cloud platforms (71 percent), exfiltration of sensitive data (59 percent), and insecure APIs (54 percent) are the top cloud security threats facing cybersecurity professionals. Read more: Best Cybersecurity Awareness Training for Employees in 2021.

Cloud

Cloud Security Encryption Risk

Ransomware Protection in 2021

eSecurity Planet

FEBRUARY 16, 2021

Forensic Analysis. Only 38% of state and local government employees are trained for ransomware prevention, and only 29% of small businesses have experience with ransomware ( IBM ). Healthcare and financial services are the most attacked industries. Enterprise mobility management (EMM) is one solution. Statistics.

Ransomware

Ransomware Encryption Insurance Cloud

UK FCA Consults on Changes to Strong Consumer Authentication, Dedicated Interfaces, and Guidance on Payment Services

Data Matters

FEBRUARY 25, 2021

Further, the FCA has confirmed its position set out in the Temporary COVID Guidance that it expects the senior management or governing body of an EMI or PI to document, review, and approve — at least annually — the design and results of the firm’s stress testing. Transaction risk analysis.

Authentication

Authentication Paper Risk Insurance

Infosource Global Capture & IDP Vertical Market Analysis 2022-2023 Update

Info Source

DECEMBER 8, 2023

The lack of Telecoms infrastructure and digital skill development presents a hurdle; however, where investments by local government or overarching organisations close the gap, they will enable in particular economies with young populations. The Public Sector, which consists of Federal, State and Local Government (incl.

Marketing

Marketing Customer Experience Energy and Utilities Digital transformation

CISA issues proposed rules for cyber incident reporting in critical infrastructure

Data Protection Report

APRIL 9, 2024

On March 27, 2024, the Cybersecurity and Infrastructure Security Agency (“CISA”) published a Notice of Proposed Rulemaking for the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (“CIRCIA”), which imposes new reporting requirements for entities operating in critical infrastructure sectors.

Ransomware

Ransomware Agriculture Cybersecurity Government

Best Fraud Management Systems & Detection Tools in 2022

eSecurity Planet

SEPTEMBER 16, 2022

Also called “fraud prevention tools,” these solutions are designed to enhance and aid in the analysis, detection, and management of fraud and other illicit activities across all aspects of a business. Finally, it also is useful for companies looking for a governance, risk, compliance ( GRC ) solution. million in losses.

Analytics

Analytics Risk Authentication Financial Services

An Approach to Cybersecurity Risk Oversight for Corporate Directors

Data Matters

APRIL 23, 2018

Recent guidance from the Securities and Exchange Commission (SEC) on disclosure and enforcement actions by the Federal Trade Commission (FTC) make clear that cybersecurity is no longer a niche topic, but a concern significant enough to warrant the oversight of corporate boards of directors. Creating an enterprise-wide governance structure.

Cybersecurity

Cybersecurity Risk Passwords Authentication

Best Managed Security Service Providers (MSSPs)

eSecurity Planet

JANUARY 27, 2022

billion by 2026, driven not only by remote working and growing cyber threats but also by a massive cybersecurity skills shortage , the demands of government regulations , and the simple cost benefits of outsourcing. What are the strategies and processes behind the vendor’s managed services? billion in 2021 to $43.7

Security

Security Cloud Compliance Analytics

Best Digital Forensics Tools & Software for 2021

eSecurity Planet

AUGUST 13, 2021

While several open-source tools exist for disk and data capture, network analysis, and specific device forensics, a growing number of vendors are building off what’s publicly available. Critical capabilities include timeline analysis, hash filtering, file and folder flagging, and multimedia extraction. The Sleuth Kit and Autopsy.

e-Discovery

e-Discovery Computer and Electronics Marketing Compliance

Congress Passes Cyber Incident Reporting for Critical Infrastructure Act of 2022

Data Matters

MARCH 21, 2022

Congress has passed a significant new cybersecurity law that will require critical infrastructure entities to report material cybersecurity incidents and ransomware payments to the Cybersecurity and Infrastructure Security Agency (CISA) within 72 and 24 hours, respectively. Background.

Ransomware

Ransomware Cybersecurity Agriculture Communications

The Week in Cyber Security and Data Privacy: 4 – 10 March 2024

IT Governance

MARCH 11, 2024

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. 66,702,148 known records breached in 103 newly disclosed incidents Welcome to this week’s global round-up of the biggest and most interesting news stories.

Data Privacy

Data Privacy Privacy Security Data breaches

OCR and Health Care Industry Cybersecurity Task Force Publish Cybersecurity Materials

Hunton Privacy

JUNE 12, 2017

Department of Health and Human Services’ Office for Civil Rights (“OCR”) and the Health Care Industry Cybersecurity Task Force (the “Task Force”) have published important materials addressing cybersecurity in the health care industry. The OCR checklist , entitled “My entity just experienced a cyber-attack! What do we do now?,”

Cybersecurity

Cybersecurity Computer and Electronics Education Financial Services

FFIEC Guidance on Authentication and Access to Financial Institution Services and Systems

Data Matters

AUGUST 17, 2021

The Guidance stresses the importance of a financial institution’s performing a risk assessment, both before implementing a new financial service and periodically, as a useful tool for identifying threats and to determine when authentication controls are deemed ineffective. inventory of digital banking services and customers.

Authentication

Authentication Access Risk Financial Services

The Week in Cyber Security and Data Privacy: 8 – 14 January 2024

IT Governance

JANUARY 16, 2024

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. GB Rebekah Children’s Services Source (New) Non-profit USA Yes 2,805 Butte School District Source 1 ; source 2 (Update) Education USA Yes 2,658 Dignity Health Nevada St.

Data Privacy

Data Privacy Privacy Manufacturing Retail

The Week in Cyber Security and Data Privacy: 4 – 10 December 2023

IT Governance

DECEMBER 11, 2023

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. The post The Week in Cyber Security and Data Privacy: 4 – 10 December 2023 appeared first on IT Governance UK Blog. In the meantime, if you missed it, check out last week’s round-up.

Data Privacy

Data Privacy Energy and Utilities Privacy Manufacturing

Researchers shared the lists of victims of SolarWinds hack

Security Affairs

DECEMBER 22, 2020

Researchers from multiple cybersecurity firms published a list that contains major companies, including Cisco , Deloitte, Intel, Mediatek, and Nvidia. ” reported the analysis published by Prevasio. .” ” reported the analysis published by Prevasio. com ) for each of the compromised organizations.

Communications

Communications Manufacturing Financial Services Insurance

Top Cybersecurity Startups to Watch in 2022

eSecurity Planet

JANUARY 11, 2022

Information security products , services, and professionals have never been in higher demand, making for a world of opportunities for cybersecurity startups. Investors recognize the potential too, as funding for cybersecurity ventures more than doubled from previous years to almost $22 billion in 2021. Series B SECURITI.ai

Cybersecurity

Cybersecurity Cloud Compliance Analytics

The Business of Data Newsletter – Issue 7 (7 December 2018)

Information Matters

DECEMBER 7, 2018

It is therefore of great interest to many less data-rich businesses, and indeed governments. “The global ‘data sphere’ could grow from 33 to 175 zettabytes by 2025, and industries such as Financial Services, Manufacturing, Healthcare, and Media and Entertainment are helping to define this new era of data growth.

IoT

IoT Blockchain Personal data Analytics

California Consumer Privacy Act: The Challenge Ahead — Introduction to Hogan Lovells’ Blog Series

HL Chronicle of Data Protection

SEPTEMBER 12, 2018

Each post will provide analysis of key legal issues implicated by the CCPA along with practical takeaways. We will explore the ramifications for businesses of this seminal legislation in this multi-part series, The Challenge Ahead, authored by members of Hogan Lovells’ CCPA team. provide additional CCPA analyses and reports.

Privacy

Privacy Compliance GDPR Data breaches

GUEST ESSAY: Data poverty is driving the growth of cybercrime – here’s how to reverse the trend

The Last Watchdog

JUNE 7, 2021

The current state of data in cybersecurity is a tale of The Haves and The Have-WAY-mores. Cybersecurity should not be one of them. The simple truth is that no cybersecurity company can compete with the data stacks of the FAAMG behemoths, which is why cybercrime is seeing a 63 percent boost over the past year. Cybercrime.

Cybersecurity

Cybersecurity Financial Services Privacy Insurance

NYDFS releases major update to Part 500 cybersecurity requirements for financial services companies

Accelerate hybrid cloud transformation through IBM Cloud for Financial Service Validation Program

Trending Sources

NYDFS Proposes Updated Second Amendment to Its Cybersecurity Regulation

Cybersecurity agencies published a joint LockBit ransomware advisory

What can AI and generative AI do for governments?

Resecurity Released a 2024 Cyber Threat Landscape Forecast

Was RI Advice a watershed for cybersecurity law in Australia or a damp squib?

FCA sets out plans to make Big Tech a priority and provides update on its approach to AI

U.S., U.K. Sanction 7 Men Tied to Trickbot Hacking Group

FFIEC Announces Plans to Update Cybersecurity Guidance in Wake of Cybersecurity Assessments

What is a Cyberattack? Types and Defenses

Security Affairs newsletter Round 450 by Pierluigi Paganini – INTERNATIONAL EDITION

Exclusive: Researchers dumped Gigabytes of data from Agent Tesla C2Cs

Top 10 Governance, Risk and Compliance (GRC) Vendors

GUEST ESSAY: 5 security steps all companies should adopt from the Intelligence Community

6 Best Threat Intelligence Feeds to Use in 2023

SEC Releases Observations from Recent Cybersecurity Examinations of Broker-Dealers and Advisers

NEW TECH: This free tool can help gauge, manage third-party cyber risk; it’s called ‘VRMMM’

Security Compliance & Data Privacy Regulations

Hundreds of malicious Chrome browser extensions used to spy on you!

Recently disclosed Drupal CVE-2019-6340 RCE flaw exploited in the wild

The Week in Cyber Security and Data Privacy: 6 – 12 November 2023

New York Regulators Call on Insurers to Strengthen the Cyber Underwriting Process

Top GRC Tools & Software for 2021

Top 12 Cloud Security Best Practices for 2021

Ransomware Protection in 2021

UK FCA Consults on Changes to Strong Consumer Authentication, Dedicated Interfaces, and Guidance on Payment Services

Infosource Global Capture & IDP Vertical Market Analysis 2022-2023 Update

CISA issues proposed rules for cyber incident reporting in critical infrastructure

Best Fraud Management Systems & Detection Tools in 2022

An Approach to Cybersecurity Risk Oversight for Corporate Directors

Best Managed Security Service Providers (MSSPs)

Best Digital Forensics Tools & Software for 2021

Congress Passes Cyber Incident Reporting for Critical Infrastructure Act of 2022

The Week in Cyber Security and Data Privacy: 4 – 10 March 2024

OCR and Health Care Industry Cybersecurity Task Force Publish Cybersecurity Materials

FFIEC Guidance on Authentication and Access to Financial Institution Services and Systems

The Week in Cyber Security and Data Privacy: 8 – 14 January 2024

The Week in Cyber Security and Data Privacy: 4 – 10 December 2023

Researchers shared the lists of victims of SolarWinds hack

Top Cybersecurity Startups to Watch in 2022

The Business of Data Newsletter – Issue 7 (7 December 2018)

California Consumer Privacy Act: The Challenge Ahead — Introduction to Hogan Lovells’ Blog Series

GUEST ESSAY: Data poverty is driving the growth of cybercrime – here’s how to reverse the trend

Stay Connected