Authentication, Cybersecurity and Financial Services

Defending Financial Services Against Fraud in a Shifting Cyber Landscape

Thales Cloud Protection & Licensing

NOVEMBER 13, 2023

Defending Financial Services Against Fraud in a Shifting Cyber Landscape sparsh Tue, 11/14/2023 - 05:05 As we approach International Fraud Awareness Week during 12-18 November 2023, taking stock of the evolving threat landscape and the vulnerabilities that financial services organizations face is crucial.

Financial Services

Financial Services Blockchain Encryption Cloud

NYDFS releases major update to Part 500 cybersecurity requirements for financial services companies

Data Protection Report

NOVEMBER 8, 2023

On November 1, 2023, the New York Department of Financial Services (“NYDFS”) released the finalized amendments of Part 500 of its cybersecurity regulations. This notice requirement explicitly applies to cybersecurity incidents occurring to the covered entity itself, its affiliates, or a third-party service provider.

Financial Services

Financial Services Cybersecurity Compliance Government

DORA: 1 year to go! Key recommendations for Financial Services to improve cybersecurity and resilience in multi-clouds

Thales Cloud Protection & Licensing

JANUARY 16, 2024

Key recommendations for Financial Services to improve cybersecurity and resilience in multi-clouds madhav Wed, 01/17/2024 - 05:46 The Digital Operational Resilience Act (DORA) will apply to the EU financial sector from 17 January 2025. As set out in its Article 2, DORA applies to the entire financial services sector.

Financial Services

Financial Services Cloud Cybersecurity Encryption

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

NYDFS Amends Cybersecurity Rules for Financial Services Companies

Hunton Privacy

NOVEMBER 23, 2022

On November 9, 2022, the New York Department of Financial Services (NYDFS) released its second, proposed amendments to the Part 500 Cybersecurity Rule. The proposed amendments revise several aspects of the draft Cybersecurity Rule amendments released on July 29, 2022. Cybersecurity Plan.

Financial Services

Financial Services Cybersecurity Ransomware Compliance

Financial services continue to lead in cybersecurity preparedness, but chinks appear in the armor

Thales Cloud Protection & Licensing

AUGUST 31, 2022

Financial services continue to lead in cybersecurity preparedness, but chinks appear in the armor. It highlights the leadership of financial services in cybersecurity relative to other industries, but it also uncovers some surprising chinks in their cybersecurity armor. Thu, 09/01/2022 - 05:15.

Financial Services

Financial Services Cybersecurity Computer and Electronics Cloud

IBM Cloud releases 2023 IBM Cloud for Financial Services Agreed-Upon Procedures (AUP) Report

IBM Big Data Hub

MAY 23, 2023

The review report demonstrates to its clients, partners and other interested parties that IBM Cloud services have implemented and adhere to the technical, administrative and physical control requirements of IBM Cloud Framework for Financial Services. What is the IBM Cloud Framework for Financial Services?

Financial Services

Financial Services Cloud Compliance Risk

Business Resilience through ‘Zero Trust’: Navigating through People, Process and Platforms

Data Breach Today

SEPTEMBER 23, 2021

CyberEdBoard Executive Member, Maria Filomena Gibe, guest speaks on panel at ISMG Virtual Cybersecurity Summit Asia: Financial Services The panel discusses: • How ‘zero trust’ has made security as a business enabler • Building a multi-factor authentication model based on ‘zero trust’ • Building ‘zero trust’ framework aligned with people, process and (..)

Financial Services

Financial Services Authentication Cybersecurity Security

New York Department of Financial Services Released New Guidance Addressing COVID-19 Related Cybersecurity Risks

HL Chronicle of Data Protection

APRIL 17, 2020

Continuing its focus on COVID-19’s impact on its regulated entities, on April 13, the New York Department of Financial Services (NYDFS) released new cybersecurity guidance in response to the COVID-19 pandemic. However, this shift has created new cybersecurity vulnerabilities and expanded the endpoints that criminals can target.

Financial Services

Financial Services Risk Cybersecurity Phishing

U.S. and Foreign Cybersecurity and Intelligence Agencies Recommend Measures to Counteract Threat of Russian Cyberattacks

Data Matters

JANUARY 28, 2022

These recommendations are further detailed below, but two to note in particular: The Advisory recommends that organizations “require multi-factor authentication for all users, without exception.” Require multi-factor authentication (MFA) for all users. Implement centralized log collection and monitoring.

Cybersecurity

Cybersecurity Financial Services Authentication Government

Business Resilience Through ‘Zero Trust’

Data Breach Today

SEPTEMBER 23, 2021

CyberEdBoard Executive Member Maria Filomena Gibe Speaks on Panel at ISMG Virtual Cybersecurity Summit Asia: Financial Services CyberEdBoard member Maria Filomena Gibe speaks on a panel at ISMG Virtual Cybersecurity Summit Asia: Financial Services.

Financial Services

Financial Services Authentication Cybersecurity Security

NY Department of Financial Services Issues Guidance to Regulated Entities Regarding Cybersecurity During the COVID-19 Pandemic

Hunton Privacy

APRIL 22, 2020

On April 13, 2020, the New York Department of Financial Services (“NYDFS”) issued guidance (“April guidance”) to all New York State entities covered under NYDFS’s cybersecurity regulation regarding assessing and addressing heightened cybersecurity risks due to the COVID-19 pandemic.

Financial Services

Financial Services Cybersecurity Phishing Risk

Black Friday and Cyber Weekend: Navigating the Tumultuous Waters of Retail Cybersecurity

Thales Cloud Protection & Licensing

NOVEMBER 20, 2023

Black Friday and Cyber Weekend: Navigating the Tumultuous Waters of Retail Cybersecurity sparsh Tue, 11/21/2023 - 05:01 As global consumers gear up for the much-anticipated shopping bonanza that is Black Friday and Cyber Weekend, retailers brace themselves for the frenzied onslaught of shoppers and the deluge of cyber threats lurking in the shadows.

Retail

Retail Cybersecurity Financial Services Encryption

NYDFS Imposes Fine of $5 Million on Carnival for Cybersecurity Breaches

Hunton Privacy

JULY 1, 2022

On June 24, 2022, the New York State Department of Financial Services (“NYDFS” or the “Department”) announced it had entered into a $5 million settlement with Carnival Corp. Since Carnival was licensed by the Department to sell insurance in NY State, it was treated as a covered entity under the Cybersecurity Regulation.

Cybersecurity

Cybersecurity Insurance Phishing Financial Services

NYDFS Proposes Updated Second Amendment to Its Cybersecurity Regulation

Hunton Privacy

JULY 5, 2023

On June 28, 2023, the New York Department of Financial Services (“NYDFS”) published an updated proposed Second Amendment (“Amendment”) to its Cybersecurity Regulation, 23 NYCRR Part 500. On November 9, 2022, NYDFS published a first draft of the proposed Amendment and received comments from stakeholders over a 60-day period.

Cybersecurity

Cybersecurity IT Compliance Financial Services

Attackers Use Bots to Circumvent Some Two-Factor Authentication Systems

eSecurity Planet

SEPTEMBER 30, 2021

Underground services are cropping up that are designed to enable bad actors to intercept one-time passwords (OTPs), which are widely used in two-factor authentication programs whose purpose is to better protect customers’ online accounts. By using the services, cybercriminals can gain access to victims’ accounts to steal money.

Authentication

Authentication Phishing Financial Services Passwords

NYDFS Fines EyeMed $4.5 Million for Cybersecurity Violations

Hunton Privacy

OCTOBER 24, 2022

On October 18, 2022, the New York State Department of Financial Services (“NYDFS”) announced that EyeMed Vision Care LLC (“EyeMed”) agreed to a $4.5 The NYDFS’s consent order notes that EyeMed’s failure to comply with the Cybersecurity Regulation left EyeMed vulnerable to threat actors.

Cybersecurity

Cybersecurity Financial Services Risk Phishing

How Multi-factor Authentication Can Benefit Your Industry

Rocket Software

AUGUST 17, 2020

Financial services organizations typically experience the most data breaches and hacks, which makes security a priority. For almost every industry, multi-factor authentication can be beneficial. What is Multi-factor Authentication? E-signatures, however, are a lot more difficult to authenticate and validate.

Authentication

Authentication Financial Services Passwords Insurance

NYDFS settles cybersecurity regulation matter for $3 million

Data Protection Report

APRIL 22, 2021

On April 14, 2021, the New York Department of Financial Services (NYDFS) announced a $3 million settlement with insurance company National Securities Corp. NSC), relating to violations of three different requirements of the NYDFS cybersecurity regulation during the period 2018 to 2020. NYDFS Cybersecurity Regulation.

Cybersecurity

Cybersecurity Financial Services Phishing Compliance

New York State Expected to Increase Enforcement of Cybersecurity Practices

HL Chronicle of Data Protection

FEBRUARY 25, 2020

Companies should take note of two imminent developments in New York in the area of cybersecurity regulation: enforcement of the New York Department of Financial Services (NYDFS) Cybersecurity Regulation (Regulation) and the effective date of the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act or Act).

Cybersecurity

Cybersecurity Financial Services Data breaches Insurance

What is Cybersecurity Risk Management?

eSecurity Planet

FEBRUARY 11, 2022

As data and IT infrastructure become more valuable by the day, cybersecurity risk management is increasingly important for enterprises with a steep cost for noncompliance or extensive, unaddressed vulnerabilities. What is Cybersecurity Risk Management? What IT Assets Need Protection? Maintaining Regulatory Compliance.

Risk

Risk Cybersecurity Encryption Access

NYDFS settles cybersecurity regulation matter for $1.8 million

Data Protection Report

JUNE 2, 2021

On May 13, 2021, the New York Department of Financial Services (NYDFS) announced a $1.8 million settlement with two related insurance companies, relating to violations of two different requirements of the NYDFS cybersecurity regulation during the period 2018 to 2019. NYDFS Cybersecurity Regulation.

Cybersecurity

Cybersecurity Insurance Financial Services Phishing

FFIEC Updates Its Cybersecurity Guidelines For Financial Institutions

ForAllSecure

JANUARY 31, 2023

On October 3, 2022, the Federal Financial Institutions Examination Council's ( FFIEC ) updated its 2018 Cybersecurity Resource Guide for Financial Institutions. Financial institutions are expected to assess their own risk profile and implement appropriate measures to ensure the security of customer data.

Cybersecurity

Cybersecurity IT Financial Services Risk

Developments in Health Privacy and Cybersecurity Policy and Regulation: OCR Issues Cybersecurity Warnings and New Health Data Legislation Is Introduced

Data Matters

MARCH 28, 2022

implement stronger authentication solutions, such as multi-factor authentication. pay careful attention to cybersecurity alerts describing newly discovered vulnerabilities, including those from the Cybersecurity and Infrastructure Security Agency (CISA) and the HHS Health Sector Cybersecurity Coordination Center (HC3).

Cybersecurity

Cybersecurity Privacy Insurance Risk

NY Charges First American Financial for Massive Data Leak

Krebs on Security

JULY 23, 2020

In May 2019, KrebsOnSecurity broke the news that the website of mortgage title insurance giant First American Financial Corp. First American Financial Corp. based First American [ NYSE:FAF ] is a leading provider of title insurance and settlement services to the real estate and mortgage industries. Santa Ana, Calif.-based

Insurance

Insurance Financial Services Mining Access

NY Investigates Exposure of 885 Million Mortgage Documents

Krebs on Security

MAY 31, 2019

New York regulators are investigating a weakness that exposed 885 million mortgage records at First American Financial Corp. NYSE:FAF] as the first test of the state’s strict new cybersecurity regulation. No authentication was needed to access the digitized records.

Financial Services

Financial Services Insurance Sales Authentication

API Security in 2024: Imperva Report Uncovers Rising Threats and the Urgent Need for Action

Thales Cloud Protection & Licensing

MARCH 6, 2024

This report serves as a critical wake-up call for company executives and security professionals, emphasizing the urgent need to prioritize API security as a core component of their overall cybersecurity strategy. Cybersecurity has always been a team game. billion, which is linked to the increasing volume of automated attacks on APIs.

Security

Security Authentication Risk Cybersecurity

GUEST ESSAY: 7 tips for protecting investor data when it comes to alternative asset trading

The Last Watchdog

JULY 11, 2023

Having access to a partner focused in cybersecurity brings fresh perspectives and allows for an unbiased evaluation of the systems in use. By working together, a robust cybersecurity framework can be established to protect investor data.

IT

IT Encryption Risk Financial Services

DOL Puts Plan Sponsors and Other Fiduciaries on Notice: ERISA Requires Appropriate Precautions to Mitigate Cybersecurity Threats

Data Matters

APRIL 20, 2021

There just may be a new cybersecurity regulator in town. Department of Labor (DOL) published its first cybersecurity guidance last week ( Cybersecurity Guidance ). The Cybersecurity Guidance is set forth in three parts: Tips for Hiring a Service Provider , directed toward plan sponsors and fiduciaries.

Cybersecurity

Cybersecurity Insurance Risk Compliance

NYDFS Cybersecurity Regulations: A glimpse into the future

Thales Cloud Protection & Licensing

NOVEMBER 27, 2018

The cybersecurity regulation ( 23 NYCRR 500 ) adopted by the New York State Department of Financial Services (NYDFS) is nearly two years old. Leading up to that date, companies have had to meet several milestones including hiring a CISO, encrypting all its non-public consumer data and enabling multi-factor authentication.

Cybersecurity

Cybersecurity Financial Services Encryption Data Privacy

The Most Popular Data Security Webinars of 2022: Sovereignty, Cloud Security and Compliance Top the List

Thales Cloud Protection & Licensing

JANUARY 11, 2023

Throughout 2022, Thales hosted more than 40 webinars on a wide variety of cybersecurity topics, including, cloud security, data sovereignty, compliance, data threat trends, and rethinking approaches to role-based authentication. Security & Compliance for SAP Data in Financial Services. Thu, 01/12/2023 - 05:54. Stay tuned!

Compliance

Compliance Cloud Security Financial Services

Episode 247: Into the AppSec Trenches with Robinhood CSO Caleb Sima

The Security Ledger

DECEMBER 21, 2022

Paul speaks with Caleb Sima, the CSO of the online trading platform Robinhood, about his journey from teenage cybersecurity phenom and web security pioneer, to successful entrepreneur to an executive in the trenches of protecting high value financial services firms from cyberattacks. Read the whole entry. »

Financial Services

Financial Services Cybersecurity Data breaches Authentication

NYDFS Issues Ransomware Guidance Outlining Expected Security Controls

Hunton Privacy

JULY 12, 2021

On June 30, 2021, the New York State Department of Financial Services (“NYDFS,” the “Department”) issued guidance to all New York state regulated entities on ransomware (the “Guidance”), identifying controls it expects regulated companies to implement whenever possible.

Ransomware

Ransomware Security Financial Services Cybersecurity

Access:7 flaws impact +150 device models from over 100 manufacturers

Security Affairs

MARCH 8, 2022

Researchers from medical device cybersecurity company CyberMDX have discovered seven serious flaws, collectively tracked as Access:7, in the widely used Axeda platform of IIoT solutions provider PTC. Many IoT and medical devices are affected by seven serious flaws, collectively tracked as Access:7, in widely used Axeda platform.

Manufacturing

Manufacturing Access IoT Authentication

Transition period under New York Cybersecurity Regulation ends March 1, 2019

Data Protection Report

JANUARY 7, 2019

The two-year transitional period under the New York State Department of Financial Services (“DFS””) Cybersecurity Regulation , 23 NYCRR 500 (the “Regulation”), will expire on March 1, 2019, with the final remaining requirement becoming effective. Periodic risk-based assessments of third parties. Upcoming certifications.

Cybersecurity

Cybersecurity Compliance Financial Services Risk

UK FCA Consults on Changes to Strong Consumer Authentication, Dedicated Interfaces, and Guidance on Payment Services

Data Matters

FEBRUARY 25, 2021

This follows the FCA’s announcement in its 2020-21 business plan that payment services were one of its main supervisory priorities 1 and its temporary guidance of July 9, 2020, on prudential risk management and safeguarding in light of the COVID-19 pandemic ( Temporary COVID Guidance ). Authentication code.

Authentication

Authentication Paper Risk Insurance

Tackling Data Sovereignty with DDR

Security Affairs

JUNE 20, 2023

Data-centric distributed resilience (DDR) offers a compelling approach to addressing data sovereignty in cybersecurity. Organizations must hope for the best yet plan for the worst, keeping their data, end users, and company safe from intruders as cybersecurity threats are on the rise.

Compliance

Compliance Cybersecurity Risk Encryption

EventBot, a new Android mobile targets financial institutions across Europe

Security Affairs

APRIL 30, 2020

Security experts from Cybereason Nocturnus team discovered a new piece of Android malware dubbed EventBot that targets banks, financial services across Europe. Researchers from Cybereason Nocturnus team discovered a new piece of Android malware dubbed EventBot that targets banks, financial services across Europe.

Financial Services

Financial Services Libraries Encryption Authentication

Disneyland Malware Team: It’s a Puny World After All

Krebs on Security

NOVEMBER 16, 2022

financial services firm Ameriprise uses the domain ameriprise.com; the Disneyland Team’s domain for Ameriprise customers is [link] [brackets added to defang the domain], which displays in the browser URL bar as ? For example, one domain the gang has used since March 2022 is ushank[.]com com — which was created to phish U.S.

Phishing

Phishing Authentication Financial Services Access

US: Coronavirus – Cybersecurity considerations for your newly remote workforce

DLA Piper Privacy Matters

APRIL 2, 2020

Working remotely, or “teleworking,” presents unique cybersecurity challenges to the employer, the employee and the supply chain, especially when being done for the first time in a rapidly changing environment. It is important to note, though, that cybersecurity regulation is generally sector-specific.

Cybersecurity

Cybersecurity Phishing Authentication Access

February 15 deadline looms for first DFS Cybersecurity Certification

Data Protection Report

FEBRUARY 8, 2018

February 15, 2018, is quickly approaching and any entity subject to New York’s cybersecurity regulation (23 NYCRR Part 500) must file its first annual certification of compliance with the New York State Department of Financial Services (DFS) by that date.

Cybersecurity

Cybersecurity Financial Services Compliance Insurance

Catches of the Month: Phishing Scams for October 2023

IT Governance

OCTOBER 13, 2023

October is both Cybersecurity Awareness Month in the US and European Cyber Security Month in the EU – twin campaigns on either side of the Atlantic that aim to improve awareness of the importance of cyber security both at work and at home, and provide tips on how to stay secure.

Phishing

Phishing Financial Services Manufacturing Personal data

New York Updates Cybersecurity Regulation for Financial Institutions

Hunton Privacy

JANUARY 3, 2017

On December 28, 2016, the New York State Department of Financial Services (“DFS”) announced an updated version of its cybersecurity regulation for financial institutions (the “Updated Regulation”). The Updated Regulation will become effective on March 1, 2017.

Cybersecurity

Cybersecurity Financial Services Authentication Information Security

New York SHIELD Act $600,000 settlement

Data Protection Report

FEBRUARY 8, 2022

According to the settlement agreement, the AG concluded that EyeMed’s security practices did not meet the requirements of the SHIELD Act with respect to four requirements: authentication, password management, logging and monitoring, and data retention in the email account. SHIELD Act.

Passwords

Passwords Financial Services Authentication Insurance

Scary Fraud Ensues When ID Theft & Usury Collide

Krebs on Security

JANUARY 25, 2022

Although he didn’t technically have an account with MSF, their authentication system is based on email addresses, so Jim requested that a password reset link be sent to his email address. ” According to the Native American Financial Services Association (NAFSA), a trade group in Washington, D.C.

Financial Services

Financial Services IT Data breaches Authentication

Defending Financial Services Against Fraud in a Shifting Cyber Landscape

NYDFS releases major update to Part 500 cybersecurity requirements for financial services companies

Webinars

Trending Sources

DORA: 1 year to go! Key recommendations for Financial Services to improve cybersecurity and resilience in multi-clouds

Webinars

NYDFS Amends Cybersecurity Rules for Financial Services Companies

Financial services continue to lead in cybersecurity preparedness, but chinks appear in the armor

IBM Cloud releases 2023 IBM Cloud for Financial Services Agreed-Upon Procedures (AUP) Report

Business Resilience through ‘Zero Trust’: Navigating through People, Process and Platforms

New York Department of Financial Services Released New Guidance Addressing COVID-19 Related Cybersecurity Risks

U.S. and Foreign Cybersecurity and Intelligence Agencies Recommend Measures to Counteract Threat of Russian Cyberattacks

Business Resilience Through ‘Zero Trust’

NY Department of Financial Services Issues Guidance to Regulated Entities Regarding Cybersecurity During the COVID-19 Pandemic

Black Friday and Cyber Weekend: Navigating the Tumultuous Waters of Retail Cybersecurity

NYDFS Imposes Fine of $5 Million on Carnival for Cybersecurity Breaches

NYDFS Proposes Updated Second Amendment to Its Cybersecurity Regulation

Attackers Use Bots to Circumvent Some Two-Factor Authentication Systems

NYDFS Fines EyeMed $4.5 Million for Cybersecurity Violations

How Multi-factor Authentication Can Benefit Your Industry

NYDFS settles cybersecurity regulation matter for $3 million

New York State Expected to Increase Enforcement of Cybersecurity Practices

What is Cybersecurity Risk Management?

NYDFS settles cybersecurity regulation matter for $1.8 million

FFIEC Updates Its Cybersecurity Guidelines For Financial Institutions

Developments in Health Privacy and Cybersecurity Policy and Regulation: OCR Issues Cybersecurity Warnings and New Health Data Legislation Is Introduced

NY Charges First American Financial for Massive Data Leak

NY Investigates Exposure of 885 Million Mortgage Documents

API Security in 2024: Imperva Report Uncovers Rising Threats and the Urgent Need for Action

GUEST ESSAY: 7 tips for protecting investor data when it comes to alternative asset trading

DOL Puts Plan Sponsors and Other Fiduciaries on Notice: ERISA Requires Appropriate Precautions to Mitigate Cybersecurity Threats

NYDFS Cybersecurity Regulations: A glimpse into the future

The Most Popular Data Security Webinars of 2022: Sovereignty, Cloud Security and Compliance Top the List

Episode 247: Into the AppSec Trenches with Robinhood CSO Caleb Sima

NYDFS Issues Ransomware Guidance Outlining Expected Security Controls

Access:7 flaws impact +150 device models from over 100 manufacturers

Transition period under New York Cybersecurity Regulation ends March 1, 2019

UK FCA Consults on Changes to Strong Consumer Authentication, Dedicated Interfaces, and Guidance on Payment Services

Tackling Data Sovereignty with DDR

EventBot, a new Android mobile targets financial institutions across Europe

Disneyland Malware Team: It’s a Puny World After All

US: Coronavirus – Cybersecurity considerations for your newly remote workforce

February 15 deadline looms for first DFS Cybersecurity Certification

Catches of the Month: Phishing Scams for October 2023

New York Updates Cybersecurity Regulation for Financial Institutions

New York SHIELD Act $600,000 settlement

Scary Fraud Ensues When ID Theft & Usury Collide

Stay Connected