Authentication, Financial Services and Risk - Information Management Today

Defending Financial Services Against Fraud in a Shifting Cyber Landscape

Thales Cloud Protection & Licensing

NOVEMBER 13, 2023

Defending Financial Services Against Fraud in a Shifting Cyber Landscape sparsh Tue, 11/14/2023 - 05:05 As we approach International Fraud Awareness Week during 12-18 November 2023, taking stock of the evolving threat landscape and the vulnerabilities that financial services organizations face is crucial.

Financial Services

Financial Services Blockchain Encryption Cloud

DORA: 1 year to go! Key recommendations for Financial Services to improve cybersecurity and resilience in multi-clouds

Thales Cloud Protection & Licensing

JANUARY 16, 2024

Key recommendations for Financial Services to improve cybersecurity and resilience in multi-clouds madhav Wed, 01/17/2024 - 05:46 The Digital Operational Resilience Act (DORA) will apply to the EU financial sector from 17 January 2025. As set out in its Article 2, DORA applies to the entire financial services sector.

Financial Services

Financial Services Cloud Cybersecurity Encryption

IBM Cloud releases 2023 IBM Cloud for Financial Services Agreed-Upon Procedures (AUP) Report

IBM Big Data Hub

MAY 23, 2023

The review report demonstrates to its clients, partners and other interested parties that IBM Cloud services have implemented and adhere to the technical, administrative and physical control requirements of IBM Cloud Framework for Financial Services. What is the IBM Cloud Framework for Financial Services?

Financial Services

Financial Services Cloud Compliance Risk

NYDFS releases major update to Part 500 cybersecurity requirements for financial services companies

Data Protection Report

NOVEMBER 8, 2023

On November 1, 2023, the New York Department of Financial Services (“NYDFS”) released the finalized amendments of Part 500 of its cybersecurity regulations. Class A companies are specifically required to: – conduct independent audits of their cybersecurity program based on their risk assessment (500.2(c));

Financial Services

Financial Services Cybersecurity Compliance Government

New York Department of Financial Services Released New Guidance Addressing COVID-19 Related Cybersecurity Risks

HL Chronicle of Data Protection

APRIL 17, 2020

Continuing its focus on COVID-19’s impact on its regulated entities, on April 13, the New York Department of Financial Services (NYDFS) released new cybersecurity guidance in response to the COVID-19 pandemic. Third Party Risk. Remote Working. Third-party vendors may struggle to deal with COVID-19 restrictions.

Financial Services

Financial Services Risk Cybersecurity Phishing

Financial services continue to lead in cybersecurity preparedness, but chinks appear in the armor

Thales Cloud Protection & Licensing

AUGUST 31, 2022

Financial services continue to lead in cybersecurity preparedness, but chinks appear in the armor. It highlights the leadership of financial services in cybersecurity relative to other industries, but it also uncovers some surprising chinks in their cybersecurity armor. Thu, 09/01/2022 - 05:15.

Financial Services

Financial Services Cybersecurity Computer and Electronics Cloud

Risk Management under the DORA Regulation

IT Governance

NOVEMBER 23, 2023

Perhaps even more concerning to EU lawmakers is how dependent society at large is on banking and other financial services. In turn, financial institutions heavily depend on ICT to be able to provide those services to begin with. That really shouldn’t surprise us – these are lucrative targets for cyber criminals.

Risk

Risk Data breaches Authentication Financial Services

NYDFS Amends Cybersecurity Rules for Financial Services Companies

Hunton Privacy

NOVEMBER 23, 2022

On November 9, 2022, the New York Department of Financial Services (NYDFS) released its second, proposed amendments to the Part 500 Cybersecurity Rule. Penetration Testing, Vulnerability Assessments and Risk Assessments. Multifactor Authentication. Cybersecurity Plan.

Financial Services

Financial Services Cybersecurity Ransomware Compliance

Attackers Use Bots to Circumvent Some Two-Factor Authentication Systems

eSecurity Planet

SEPTEMBER 30, 2021

Underground services are cropping up that are designed to enable bad actors to intercept one-time passwords (OTPs), which are widely used in two-factor authentication programs whose purpose is to better protect customers’ online accounts. By using the services, cybercriminals can gain access to victims’ accounts to steal money.

Authentication

Authentication Phishing Financial Services Passwords

What is Cybersecurity Risk Management?

eSecurity Planet

FEBRUARY 11, 2022

Risk management is a concept that has been around as long as companies have had assets to protect. Risk management also extends to physical devices, such as doors and locks to protect homes and vehicles, vaults to protect money and precious jewels, and police, fire, and CCTV to protect against other physical risks.

Risk

Risk Cybersecurity Encryption Access

NY Department of Financial Services Issues Guidance to Regulated Entities Regarding Cybersecurity During the COVID-19 Pandemic

Hunton Privacy

APRIL 22, 2020

On April 13, 2020, the New York Department of Financial Services (“NYDFS”) issued guidance (“April guidance”) to all New York State entities covered under NYDFS’s cybersecurity regulation regarding assessing and addressing heightened cybersecurity risks due to the COVID-19 pandemic.

Financial Services

Financial Services Cybersecurity Phishing Risk

How Multi-factor Authentication Can Benefit Your Industry

Rocket Software

AUGUST 17, 2020

Financial services organizations typically experience the most data breaches and hacks, which makes security a priority. For almost every industry, multi-factor authentication can be beneficial. What is Multi-factor Authentication? E-signatures, however, are a lot more difficult to authenticate and validate.

Authentication

Authentication Financial Services Passwords Insurance

What Is Cross-Site Scripting (XSS)? Types, Risks & Prevention

eSecurity Planet

FEBRUARY 26, 2024

3 Common Types of Cross-Site Scripting Attacks Top 5 Risks Associated with XSS Attacks How to Tell if You’re Vulnerable to XSS Attacks Can You Prevent Cross-Site Scripting? XSS attacks have multiple security and business risks, including credential theft and damaged company reputation.

Risk

Risk Financial Services Security Libraries

Recycle Your Phone, Sure, But Maybe Not Your Number

Krebs on Security

MAY 19, 2021

New research shows how fraudsters can abuse wireless provider websites to identify available, recycled mobile numbers that allow password resets at a range of email providers and financial services online. While you’re at it, consider removing your phone number as a primary or secondary authentication mechanism wherever possible.

Authentication

Authentication Passwords Financial Services Risk

GUEST ESSAY: 7 tips for protecting investor data when it comes to alternative asset trading

The Last Watchdog

JULY 11, 2023

By using real-time antivirus scanning to detect and neutralize security risks as they enter the trading system, threats can be quickly identified and eliminated. Encryption renders data unreadable to unauthorized individuals, significantly reducing the risk of data breaches. •Employ real-time antivirus scanning.

IT

IT Encryption Risk Financial Services

Central Bank Digital Currency (CBDC) and blockchain enable the future of payments

IBM Big Data Hub

AUGUST 17, 2023

This technology has numerous potential applications in the financial services industry, supply chain management, voting systems and more. For example, a government could issue a stimulus package that can only be spent on certain goods and services. Also, CBDC can improve financial inclusion.

Blockchain

Blockchain Financial Services Risk Authentication

UK FCA Consults on Changes to Strong Consumer Authentication, Dedicated Interfaces, and Guidance on Payment Services

Data Matters

FEBRUARY 25, 2021

This follows the FCA’s announcement in its 2020-21 business plan that payment services were one of its main supervisory priorities 1 and its temporary guidance of July 9, 2020, on prudential risk management and safeguarding in light of the COVID-19 pandemic ( Temporary COVID Guidance ). Prudential risk management.

Authentication

Authentication Paper Risk Insurance

API Security in 2024: Imperva Report Uncovers Rising Threats and the Urgent Need for Action

Thales Cloud Protection & Licensing

MARCH 6, 2024

Nearly one-third (28%) of all DDoS attacks on APIs focus on financial services organizations, the most targeted industry for this type of attack. With an average of 613 APIs per organization, deprecated endpoints or Broken Object Level Authorization (BOLA) heighten the potential risks facing business.

Security

Security Authentication Risk Cybersecurity

U.S. and Foreign Cybersecurity and Intelligence Agencies Recommend Measures to Counteract Threat of Russian Cyberattacks

Data Matters

JANUARY 28, 2022

These recommendations are further detailed below, but two to note in particular: The Advisory recommends that organizations “require multi-factor authentication for all users, without exception.” Require multi-factor authentication (MFA) for all users. Implement centralized log collection and monitoring.

Cybersecurity

Cybersecurity Financial Services Authentication Government

NYDFS Fines EyeMed $4.5 Million for Cybersecurity Violations

Hunton Privacy

OCTOBER 24, 2022

On October 18, 2022, the New York State Department of Financial Services (“NYDFS”) announced that EyeMed Vision Care LLC (“EyeMed”) agreed to a $4.5 As part of the settlement, EyeMed agreed to conduct a comprehensive cybersecurity risk assessment and prepare an action plan that addresses the risks identified in that assessment.

Cybersecurity

Cybersecurity Financial Services Risk Phishing

Black Friday and Cyber Weekend: Navigating the Tumultuous Waters of Retail Cybersecurity

Thales Cloud Protection & Licensing

NOVEMBER 20, 2023

Black Friday and Cyber Monday, both hailed as the epitome of shopping extravagance, are also synonymous with a heightened risk of cyberattacks on retail platforms. It becomes, therefore, essential for retailers to consider the fresh insights provided by the Thales 2023 Data Threat Report – Financial Services Edition.

Retail

Retail Cybersecurity Financial Services Encryption

Stronger customer authentication only way to mitigate risk of bank fraud

Dark Reading

DECEMBER 18, 2012

Without it, or worse, relying on unvalidated resources like personal identifiable information (PII) to identify customers, puts every banking transaction at risk. The recent article, “$850 Million Scheme Exploited Facebook: Authentication, Secure Browsing Would Have Reduced Losses,” illustrates just how important customer authentication is.

Authentication

Authentication Risk Financial Services Phishing

Would You Have Fallen for This Phone Scam?

Krebs on Security

APRIL 28, 2020

As it turned out, calling the phone number on the back of the credit card from the phone number linked with the card provided the most recent transactions without providing any form of authentication.” “I was appalled that Citi would do that. ” Image: Next Caller.

Financial Services

Financial Services Sales Authentication Risk

How Can We Secure The Future of Digital Payments?

Thales Cloud Protection & Licensing

JANUARY 10, 2022

The financial services ecosystem has evolved tremendously over the past few years driven by a surge in the adoption of digital payments. Security is paramount; digital payments are not only authorized but they must be authenticated as well. How Can We Secure The Future of Digital Payments? Tue, 01/11/2022 - 06:35.

Retail

Retail Security Financial Services Authentication

The Evolving Legislative and Compliance Landscape: A Roadmap for Business Leaders

Thales Cloud Protection & Licensing

APRIL 29, 2024

Entities designated as "essential" or "important" by member states in all sectors of the economy and public services must implement robust security measures, including proactive risk management, incident reporting, and supply chain security. The DSA introduces tiered obligations based on platform size and reach. PCI DSS 4.0

Compliance

Compliance Cybersecurity Risk Manufacturing

Oracle Critical Patch Update for January 2022 will fix 483 new flaws

Security Affairs

JANUARY 17, 2022

.” The CPU will address critical vulnerabilities in Oracle Essbase, Graph Server and Client, Secure Backup, Communications Applications, Communications, Construction and Engineering, Enterprise Manager, Financial Services Applications, Fusion Middleware, Insurance Applications, PeopleSoft, Support Tools, and Utilities Applications.

Communications

Communications Financial Services Big data Retail

The Most Popular Data Security Webinars of 2022: Sovereignty, Cloud Security and Compliance Top the List

Thales Cloud Protection & Licensing

JANUARY 11, 2023

Throughout 2022, Thales hosted more than 40 webinars on a wide variety of cybersecurity topics, including, cloud security, data sovereignty, compliance, data threat trends, and rethinking approaches to role-based authentication. Security & Compliance for SAP Data in Financial Services.

Compliance

Compliance Cloud Security Financial Services

FBI’s Vetted Info Sharing Network ‘InfraGard’ Hacked

Krebs on Security

DECEMBER 13, 2022

“InfraGard connects critical infrastructure owners, operators, and stakeholders with the FBI to provide education, networking, and information-sharing on security threats and risks,” the FBI’s InfraGard fact sheet reads. .” “If it was only the phone I will be in [a] bad situation,” USDoD said.

Sales

Sales Energy and Utilities Communications Data breaches

The Clock is Ticking for PCI DSS 4.0 Compliance

Thales Cloud Protection & Licensing

SEPTEMBER 18, 2023

According to the 2022 Thales Data Threat Report – Financial Services Edition , 52% of U.S. financial services organizations report that they have experienced a data breach in the past. Adapting policies and procedures to the changing business and risk landscape is necessary. million, second only to healthcare.

Compliance

Compliance Financial Services Data breaches Encryption

The Future of Payments Security

Thales Cloud Protection & Licensing

JANUARY 26, 2021

Criminals use personal and financial data to impersonate customers and add apparent authenticity to a scam. Coupled with the fact that only about half of all vulnerabilities in the retail industry are getting patched within the first quarter after discovery, it is easy to understand the risks of being defraud by criminals.

Security

Security Retail Authentication Big data

NYDFS Issues Ransomware Guidance Outlining Expected Security Controls

Hunton Privacy

JULY 12, 2021

On June 30, 2021, the New York State Department of Financial Services (“NYDFS,” the “Department”) issued guidance to all New York state regulated entities on ransomware (the “Guidance”), identifying controls it expects regulated companies to implement whenever possible.

Ransomware

Ransomware Security Financial Services Cybersecurity

FFIEC Updates Its Cybersecurity Guidelines For Financial Institutions

ForAllSecure

JANUARY 31, 2023

Therefore, the FFIEC provides guidance on financial regulations and best practices for federal supervisory agencies, as well as helping them develop exam policies for banks, savings associations, credit unions, thrifts, and other financial institutions.

Cybersecurity

Cybersecurity IT Financial Services Risk

Catches of the Month: Phishing Scams for October 2023

IT Governance

OCTOBER 13, 2023

Keeping informed about current attacks is one of the best ways of reducing the risk of falling victim. This month, we look at campaigns targeting Microsoft credentials by abusing open redirects from the job site indeed.com and exploiting LinkedIn Smart Links, and a series of attacks on users of postal services around the world.

Phishing

Phishing Financial Services Manufacturing Personal data

Tackling Data Sovereignty with DDR

Security Affairs

JUNE 20, 2023

These challenges are intensified in industries that handle large volumes of sensitive data under stringent regulations , such as financial services, healthcare, and government sectors. By recognizing the significance of data sovereignty, businesses can take measures to enhance data security and control, mitigating these risks.

Compliance

Compliance Cybersecurity Risk Encryption

NYDFS Proposes Updated Second Amendment to Its Cybersecurity Regulation

Hunton Privacy

JULY 5, 2023

On June 28, 2023, the New York Department of Financial Services (“NYDFS”) published an updated proposed Second Amendment (“Amendment”) to its Cybersecurity Regulation, 23 NYCRR Part 500. Risk Assessments : NYDFS removed in its entirety the previously proposed requirement under Section 500.9(d)

Cybersecurity

Cybersecurity IT Compliance Financial Services

Navigating the digital wave: Understanding DORA and the role of confidential computing

IBM Big Data Hub

FEBRUARY 5, 2024

The Digital Operational Resilience Act (DORA) marks a significant milestone in the European Union’s (EU) efforts to bolster the operational resilience of the financial sector in the digital age. Article 7 of the draft RTS delves into cryptographic key management, emphasizing the importance of lifecycle management for cryptographic keys.

Encryption

Encryption Data Privacy Compliance Cloud

Developments in Health Privacy and Cybersecurity Policy and Regulation: OCR Issues Cybersecurity Warnings and New Health Data Legislation Is Introduced

Data Matters

MARCH 28, 2022

OCR’s reminders and recommendations for regulated entities include to: assess and reduce risks and vulnerabilities to the availability of ePHI, which is defined as “the property that data or information is accessible and useable upon demand by an authorized person” pursuant to the HIPAA Security Rule. 45 CFR 164.308(a)(5)(i).

Cybersecurity

Cybersecurity Privacy Insurance Risk

NYDFS settles cybersecurity regulation matter for $1.8 million

Data Protection Report

JUNE 2, 2021

On May 13, 2021, the New York Department of Financial Services (NYDFS) announced a $1.8 Neither affiliate #1 nor affiliate #2 had fully implemented multi-factor authentication at the time nor, according to the settlement, had either affiliate received CISO approval of alternate controls. NYDFS Cybersecurity Regulation.

Cybersecurity

Cybersecurity Insurance Financial Services Phishing

Q&A: Here’s how Google’s labeling HTTP websites “Not Secure” will strengthen the Internet

The Last Watchdog

AUGUST 15, 2018

SSL and TLS come into play in the form of digital certificates issued by Certificate Authorities (CAs) — vendors that diligently verify the authenticity of websites, and then also help the website owners encrypt the information consumers type into web page forms.

Security

Security Encryption Authentication Financial Services

New York SHIELD Act $600,000 settlement

Data Protection Report

FEBRUARY 8, 2022

According to the settlement agreement, the AG concluded that EyeMed’s security practices did not meet the requirements of the SHIELD Act with respect to four requirements: authentication, password management, logging and monitoring, and data retention in the email account. SHIELD Act.

Passwords

Passwords Financial Services Authentication Insurance

GUEST ESSAY: The drivers behind persistent ransomware — and defense tactics to deploy

The Last Watchdog

SEPTEMBER 7, 2022

The technology industry has met the dramatic rise in ransomware and other cyber attacks with an impressive set of tools to help companies mitigate the risks. Healthcare and public health, financial services, and IT organizations are frequent targets, although businesses of all sizes can fall victim to these schemes.

Ransomware

Ransomware Education Phishing Financial Services

NYDFS settles with EyeMed for $4.5 million

Data Protection Report

OCTOBER 24, 2022

On October 18, 2022, the New York Department of Financial Services announced a settlement with EyeMed, a licensed life, accident, and health insurer, with respect to a security incident that occurred in 2020. NYDFS found that none of the assessments addressed the risks associated with the compromised O365 mailbox. Background.

Cybersecurity

Cybersecurity Personal data Risk Financial Services

NYDFS Requires COVID-19 Plans by April 9

Data Protection Report

APRIL 2, 2020

On March 10, 2020, the New York Department of Financial Services (NYDFS) issued guidance to all of its regulated institutions engaged in virtual currency business activity, requiring them to have plans for preparedness to manage the possible operational and financial risks posed by the COVID-19 pandemic.

Risk

Risk Communications Authentication Financial Services

Transition period under New York Cybersecurity Regulation ends March 1, 2019

Data Protection Report

JANUARY 7, 2019

The two-year transitional period under the New York State Department of Financial Services (“DFS””) Cybersecurity Regulation , 23 NYCRR 500 (the “Regulation”), will expire on March 1, 2019, with the final remaining requirement becoming effective. Third-party service provider risk management program.

Cybersecurity

Cybersecurity Compliance Financial Services Risk

Defending Financial Services Against Fraud in a Shifting Cyber Landscape

DORA: 1 year to go! Key recommendations for Financial Services to improve cybersecurity and resilience in multi-clouds

Trending Sources

IBM Cloud releases 2023 IBM Cloud for Financial Services Agreed-Upon Procedures (AUP) Report

NYDFS releases major update to Part 500 cybersecurity requirements for financial services companies

New York Department of Financial Services Released New Guidance Addressing COVID-19 Related Cybersecurity Risks

Financial services continue to lead in cybersecurity preparedness, but chinks appear in the armor

Risk Management under the DORA Regulation

NYDFS Amends Cybersecurity Rules for Financial Services Companies

Attackers Use Bots to Circumvent Some Two-Factor Authentication Systems

What is Cybersecurity Risk Management?

NY Department of Financial Services Issues Guidance to Regulated Entities Regarding Cybersecurity During the COVID-19 Pandemic

How Multi-factor Authentication Can Benefit Your Industry

What Is Cross-Site Scripting (XSS)? Types, Risks & Prevention

Recycle Your Phone, Sure, But Maybe Not Your Number

GUEST ESSAY: 7 tips for protecting investor data when it comes to alternative asset trading

Central Bank Digital Currency (CBDC) and blockchain enable the future of payments

UK FCA Consults on Changes to Strong Consumer Authentication, Dedicated Interfaces, and Guidance on Payment Services

API Security in 2024: Imperva Report Uncovers Rising Threats and the Urgent Need for Action

U.S. and Foreign Cybersecurity and Intelligence Agencies Recommend Measures to Counteract Threat of Russian Cyberattacks

NYDFS Fines EyeMed $4.5 Million for Cybersecurity Violations

Black Friday and Cyber Weekend: Navigating the Tumultuous Waters of Retail Cybersecurity

Stronger customer authentication only way to mitigate risk of bank fraud

Would You Have Fallen for This Phone Scam?

How Can We Secure The Future of Digital Payments?

The Evolving Legislative and Compliance Landscape: A Roadmap for Business Leaders

Oracle Critical Patch Update for January 2022 will fix 483 new flaws

The Most Popular Data Security Webinars of 2022: Sovereignty, Cloud Security and Compliance Top the List

FBI’s Vetted Info Sharing Network ‘InfraGard’ Hacked

The Clock is Ticking for PCI DSS 4.0 Compliance

The Future of Payments Security

NYDFS Issues Ransomware Guidance Outlining Expected Security Controls

FFIEC Updates Its Cybersecurity Guidelines For Financial Institutions

Catches of the Month: Phishing Scams for October 2023

Tackling Data Sovereignty with DDR

NYDFS Proposes Updated Second Amendment to Its Cybersecurity Regulation

Navigating the digital wave: Understanding DORA and the role of confidential computing

Developments in Health Privacy and Cybersecurity Policy and Regulation: OCR Issues Cybersecurity Warnings and New Health Data Legislation Is Introduced

NYDFS settles cybersecurity regulation matter for $1.8 million

Q&A: Here’s how Google’s labeling HTTP websites “Not Secure” will strengthen the Internet

New York SHIELD Act $600,000 settlement

GUEST ESSAY: The drivers behind persistent ransomware — and defense tactics to deploy

NYDFS settles with EyeMed for $4.5 million

NYDFS Requires COVID-19 Plans by April 9

Transition period under New York Cybersecurity Regulation ends March 1, 2019

Stay Connected