Cybersecurity, Financial Services, Government and Security

NYDFS releases major update to Part 500 cybersecurity requirements for financial services companies

Data Protection Report

NOVEMBER 8, 2023

On November 1, 2023, the New York Department of Financial Services (“NYDFS”) released the finalized amendments of Part 500 of its cybersecurity regulations. This notice requirement explicitly applies to cybersecurity incidents occurring to the covered entity itself, its affiliates, or a third-party service provider.

Financial Services

Financial Services Cybersecurity Compliance Government

Accelerate hybrid cloud transformation through IBM Cloud for Financial Service Validation Program

IBM Big Data Hub

APRIL 4, 2024

The cloud represents a strategic tool to enable digital transformation for financial institutions As the banking and other regulated industry continues to shift toward a digital-first approach, financial entities are eager to use the benefits of digital disruption. Most of these new technologies are born-in-cloud.

Financial Services

Financial Services Cloud Compliance Digital transformation

Data Protection in Financial Services Week 2022

Data Matters

FEBRUARY 25, 2022

Sidley and OneTrust DataGuidance are pleased to announce that registration is now open for their annual Data Protection in Financial Services (DPFS) Week. Join us from February 28 – March 3 for DPFS Week 2022 , a series of webinars looking at the impacts of data privacy across the financial sector.

Financial Services

Financial Services Privacy Data Privacy Cybersecurity

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

Financial services continue to lead in cybersecurity preparedness, but chinks appear in the armor

Thales Cloud Protection & Licensing

AUGUST 31, 2022

Financial services continue to lead in cybersecurity preparedness, but chinks appear in the armor. However, all this attention from cyber criminals, as well as regulators and governments, has produced an extremely resilient industry with some of the best cyber security practices of any sector.

Financial Services

Financial Services Cybersecurity Computer and Electronics Cloud

NYDFS Amends Cybersecurity Rules for Financial Services Companies

Hunton Privacy

NOVEMBER 23, 2022

On November 9, 2022, the New York Department of Financial Services (NYDFS) released its second, proposed amendments to the Part 500 Cybersecurity Rule. The proposed amendments revise several aspects of the draft Cybersecurity Rule amendments released on July 29, 2022. Cybersecurity Plan.

Financial Services

Financial Services Cybersecurity Ransomware Compliance

Market Leading Cybersecurity and National Security Lawyers David Lashway and John Woods Join Sidley in Washington, D.C.

Data Matters

MAY 4, 2022

. – Sidley announced today that David Lashway and John Woods have joined as partners in the firm’s Privacy and Cybersecurity practice in Washington, D.C. Mr. Lashway and Mr. Woods join Sidley from Baker McKenzie where they started and led the global cybersecurity practice group for over 10 years. political parties.

Cybersecurity

Cybersecurity Marketing Security Privacy

NYDFS Proposes Updated Second Amendment to Its Cybersecurity Regulation

Hunton Privacy

JULY 5, 2023

On June 28, 2023, the New York Department of Financial Services (“NYDFS”) published an updated proposed Second Amendment (“Amendment”) to its Cybersecurity Regulation, 23 NYCRR Part 500. As described below, senior governing bodies would have new oversight responsibilities under the amendments.

Cybersecurity

Cybersecurity IT Compliance Financial Services

Historic Charges: First Enforcement Action Filed by New York Department of Financial Services Under Cybersecurity Regulation

Data Matters

AUGUST 19, 2020

On July 21, 2020, the New York State Department of Financial Services (NYDFS or the Department) issued a statement of charges and notice of hearing (the Statement) against First American Title Insurance Company (First American) for violations of the Department’s Cybersecurity Requirements for Financial Services Companies, 23 N.Y.C.R.R.

Financial Services

Financial Services Cybersecurity Insurance Risk

U.S. and Foreign Cybersecurity and Intelligence Agencies Recommend Measures to Counteract Threat of Russian Cyberattacks

Data Matters

JANUARY 28, 2022

The advisory was promptly endorsed by the National Cyber Security Centre, a division of Government Communications Headquarters (“GCHQ”), a UK intelligence agency. government, especially in light of ongoing tensions between the U.S. Like an incident response plan, MFA has become a critical element of cybersecurity programs.

Cybersecurity

Cybersecurity Financial Services Authentication Government

Cybersecurity agencies published a joint LockBit ransomware advisory

Security Affairs

JUNE 15, 2023

According to a joint advisory published by cybersecurity agencies, the LockBit ransomware group has successfully extorted roughly $91 million in about 1,700 attacks against U.S. 16% of the State, Local, Tribal, and Tribunal (SLTT) government ransomware incidents reported to the MS-ISAC is 2022 were LockBit attacks. law enforcement).

Ransomware

Ransomware Cybersecurity Agriculture Education

Black Friday and Cyber Weekend: Navigating the Tumultuous Waters of Retail Cybersecurity

Thales Cloud Protection & Licensing

NOVEMBER 20, 2023

Black Friday and Cyber Weekend: Navigating the Tumultuous Waters of Retail Cybersecurity sparsh Tue, 11/21/2023 - 05:01 As global consumers gear up for the much-anticipated shopping bonanza that is Black Friday and Cyber Weekend, retailers brace themselves for the frenzied onslaught of shoppers and the deluge of cyber threats lurking in the shadows.

Retail

Retail Cybersecurity Financial Services Encryption

NY Department of Financial Services Issues Reminder for Cybersecurity Filing Deadline

Hunton Privacy

JANUARY 24, 2018

On January 22, 2018, the New York Department of Financial Services (“NYDFS”) issued a press release reminding entities covered by its cybersecurity regulation that the first certification of compliance with the regulation is due on or prior to February 15, 2018.

Financial Services

Financial Services Cybersecurity Compliance Insurance

U.S. banking regulators order banks to notify cybersecurity incidents in 36 hours

Security Affairs

NOVEMBER 20, 2021

banking regulators have approved a new rule that orders banks to notify federal regulators of significant cybersecurity incidents within 36 hours. banking regulators this week approved a rule that obliges banks to report any major cybersecurity incidents to the government within 36 hours of discovery. Pierluigi Paganini.

Cybersecurity

Cybersecurity Financial Services Insurance Ransomware

SHARED INTEL: Poll highlights the urgency to balance digital resiliency, cybersecurity

The Last Watchdog

SEPTEMBER 21, 2022

Yet, with all these changes, the specter of security breaches remains high. This explains the rise and popularity of Zero Trust as a framework for securing networks in these new realities as an effective tool to drive cybersecurity initiatives within the entire enterprise. and Eastern Europe, which favor public cloud.

Cybersecurity

Cybersecurity Digital transformation Cloud Financial Services

Putting data storage at the forefront of cloud security

IBM Big Data Hub

NOVEMBER 7, 2023

Recent advances in areas like AI and quantum computing offer transformative potential for businesses, but may also bring new risks and security challenges. IBM is working to address these challenges and evolving threats by helping organizations support highly secure, resilient and durable storage through technology like Cloud Object Storage.

Cloud

Cloud Financial Services Security Compliance

NYDFS Imposes Fine of $5 Million on Carnival for Cybersecurity Breaches

Hunton Privacy

JULY 1, 2022

On June 24, 2022, the New York State Department of Financial Services (“NYDFS” or the “Department”) announced it had entered into a $5 million settlement with Carnival Corp. Since Carnival was licensed by the Department to sell insurance in NY State, it was treated as a covered entity under the Cybersecurity Regulation.

Cybersecurity

Cybersecurity Insurance Phishing Financial Services

2024 Tech and Cybersecurity Forecast: Navigating New Frontiers in Business

Thales Cloud Protection & Licensing

DECEMBER 20, 2023

2024 Tech and Cybersecurity Forecast: Navigating New Frontiers in Business madhav Thu, 12/21/2023 - 05:15 People always want to comprehend what the future brings. 2024 promises to be a pivotal year, bringing transformative advancements and new challenges in tech and cybersecurity. This necessitates a shift in cybersecurity strategies.

Cybersecurity

Cybersecurity Blockchain Artificial Intelligence Encryption

New York Department of Financial Services Issues First Guidance by a U.S. Regulator Concerning Cyber Insurance

Data Matters

FEBRUARY 10, 2021

On February 4, 2021, the New York Department of Financial Services (NYDFS) issued Circular Letter No. Lacewell stated that cybersecurity is the biggest risk for government and private organizations and described how the Framework is based on “extensive dialogue with industry and experts.”. Obtain Cybersecurity Expertise.

Insurance

Insurance Financial Services Cybersecurity Risk

What is Cybersecurity Risk Management?

eSecurity Planet

FEBRUARY 11, 2022

As data and IT infrastructure become more valuable by the day, cybersecurity risk management is increasingly important for enterprises with a steep cost for noncompliance or extensive, unaddressed vulnerabilities. What is Cybersecurity Risk Management? Also read : Top Governance, Risk, and Compliance (GRC) Tools for 2022.

Risk

Risk Cybersecurity Encryption Access

Building for operational resilience in the age of AI and hybrid cloud

IBM Big Data Hub

MARCH 20, 2024

For highly regulated industries, these challenges take on an entirely new level of expectation as they navigate evolving regulatory landscape and manage requirements for privacy, resiliency, cybersecurity, data sovereignty and more. This means actively minimizing downtime and closing gaps in the supply chain to remain competitive.

Cloud

Cloud Financial Services Risk Business Services

Resecurity Released a 2024 Cyber Threat Landscape Forecast

Security Affairs

DECEMBER 26, 2023

Cybersecurity company Resecurity has published the 2024 Cyber Threat Landscape Forecast. Resecurity, a Los Angeles-based cybersecurity company protecting Fortune 100 and government agencies worldwide, has compiled a comprehensive forecast outlining the imminent threats and novel security challenges anticipated in the upcoming year.

Energy and Utilities

Energy and Utilities Artificial Intelligence Ransomware Data breaches

$8 million penalty to NYDFS – and another case of over-retention

Data Protection Report

JANUARY 18, 2024

On January 3, 2024, the New York Department of Financial Services announced a consent order with GGT, where GGT agreed to pay NYDFS $8 million and to surrender its BitLicense (for cryptocurrency trading), due to alleged violations of NYDFS’ cybersecurity and its virtual currency regulations.

Cybersecurity

Cybersecurity Financial Services Compliance Encryption

Delivering security and scalability in today’s business landscape requires more than setting up a front line of defense

IBM Big Data Hub

DECEMBER 14, 2023

A cybersecurity strategy is not solely about managing risk across a business’ IT infrastructure.   When done correctly, cybersecurity can be a strategic initiative that supports product capability, organizational effectiveness and customer relationships. . 

Cloud

Cloud Security Data breaches Cybersecurity

Security Affairs newsletter Round 450 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

DECEMBER 17, 2023

Every week the best security articles from Security Affairs are free for you in your email box. A new round of the weekly SecurityAffairs newsletter arrived! Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Security

Security Data breaches Ransomware Artificial Intelligence

Security Compliance & Data Privacy Regulations

eSecurity Planet

AUGUST 9, 2022

Regulatory compliance and data privacy issues have long been an IT security nightmare. GDPR (among other legal requirements in the EU and elsewhere) can expose multinational organizations to hefty financial penalties, additional rules for disclosing data breaches, and increased scrutiny of the adequacy of their data security.

Data Privacy

Data Privacy Compliance Privacy Security

SEC Announces Settled Charges Against First American for Cybersecurity Disclosure Controls Failures – Lessons Learned

Data Matters

JUNE 24, 2021

On June 15, 2021, the SEC announced settled charges against First American Title Insurance Company (First American) for disclosure controls and procedures violations related to a cybersecurity vulnerability that exposed sensitive customer information. This resolution highlights the SEC’s continued focus on cybersecurity.

Cybersecurity

Cybersecurity Financial Services Risk Compliance

The US government sanctioned four entities and one individual for supporting cyber operations conducted by North Korea

Security Affairs

MAY 24, 2023

The US Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced sanctions against four entities and one individual for their role in malicious cyber operations conducted to support the government of North Korea. ” reads the announcement. correspondent or payable-through account sanctions.”

Government

Government Military Financial Services IT

FCA sets out plans to make Big Tech a priority and provides update on its approach to AI

Data Protection Report

APRIL 23, 2024

He noted that whilst the growing emergence of Big Tech in financial services has already made life easier for consumers, it remains unclear how valuable their data will become in financial markets. cybersecurity, financial stability, interconnectedness, data concerns or market integrity).

Financial Services

Financial Services IT Marketing Retail

Tackling Data Sovereignty with DDR

Security Affairs

JUNE 20, 2023

Data-centric distributed resilience (DDR) offers a compelling approach to addressing data sovereignty in cybersecurity. Those who fail to take a proactive approach to secure their data often learn the hard way how vulnerable – and valuable – that data can be.

Compliance

Compliance Cybersecurity Risk Encryption

5 things to know: Driving innovation with AI and hybrid cloud in the year ahead

IBM Big Data Hub

DECEMBER 18, 2023

For organizations of all types—and especially those in highly regulated industries such as financial services, government, healthcare and telco—considerations including the rise of generative AI, evolving regulations and data sovereignty laws and ongoing security challenges must be top of mind.

Cloud

Cloud Financial Services Compliance Digital transformation

Was RI Advice a watershed for cybersecurity law in Australia or a damp squib?

Data Protection Report

MAY 25, 2022

In this article we distil critical lessons from the Federal Court’s recent decision in Australian Securities and Investments Commission v RI Advice Group Pty Ltd [1] and practical actions to be taken by Boards and executive management. Lesson 1 – Context is everything.

Cybersecurity

Cybersecurity Risk Financial Services Retail

The Week in Cyber Security and Data Privacy: 6 – 12 November 2023

IT Governance

NOVEMBER 13, 2023

On 14 September, Mulkay discovered that the compromised files contained personal information, including “name, address, date of birth, Social Security number, driver’s license number or state ID, medical treatment information, and health insurance information”. Some patients also had their Social Security numbers exposed.”

Data Privacy

Data Privacy Privacy Security Data breaches

IBM Cloud delivers enterprise sovereign cloud capabilities

IBM Big Data Hub

FEBRUARY 22, 2024

IBM’s Enterprise Cloud for Regulated Industries Building on our expertise working with enterprise clients in industries such as financial services, government, healthcare and telco, we saw the need for a cloud platform designed with the unique needs of these heavily regulated industries in mind.

Cloud

Cloud Computer and Electronics Compliance Financial Services

Peter Marta, Former Global Head of Cybersecurity Law at JPMorgan joins Hogan Lovells Privacy and Cybersecurity Practice

HL Chronicle of Data Protection

JULY 15, 2019

Hogan Lovells announced today that Peter Marta , the former global head of Cybersecurity and Global Security and Investigations Legal for JPMorgan Chase and Co., has joined our Privacy and Cybersecurity practice as a partner. Pete is an established leader in the banking and financial services sectors.

Cybersecurity

Cybersecurity Privacy Financial Services Government

U.S., U.K. Sanction 7 Men Tied to Trickbot Hacking Group

Krebs on Security

FEBRUARY 9, 2023

Department of the Treasury says the Trickbot group is associated with Russian intelligence services, and that this alliance led to the targeting of many U.S. companies and government entities. Also charged with treason was Ruslan Stoyanov , then a senior employee at Russian security firm Kaspersky Lab [the Forbes.ru

Ransomware

Ransomware Government Cybersecurity Blockchain

Cuba Ransomware received over $60M in Ransom payments as of August 2022

Security Affairs

DECEMBER 2, 2022

Dollars (USD) and received more than $60 million in ransom payments from over 100 victims worldwide as of August 2022, the US government states. entities Financial Services, Government Facilities, Healthcare and Public Health, Critical Manufacturing, and Information Technology. ” reads the report.

Ransomware

Ransomware Financial Services Manufacturing Phishing

First American Financial Pays Farcical $500K Fine

Krebs on Security

JUNE 18, 2021

In May 2019, KrebsOnSecurity broke the news that the website of mortgage settlement giant First American Financial Corp. NYSE:FAF ] was leaking more than 800 million documents — many containing sensitive financial data — related to real estate transactions dating back 16 years. First American Financial Corp.

Insurance

Insurance Risk Financial Services Mining

GUEST ESSAY: 5 security steps all companies should adopt from the Intelligence Community

The Last Watchdog

DECEMBER 6, 2018

And, in doing so, the IC has developed an effective set of data handling and cybersecurity best practices. Businesses at large would do well to model their data collection and security processes after what the IC refers to as the “intelligence cycle.” Related video: Using the NIST framework as a starting point.

Security

Security Financial Services Manufacturing Data collection

Catches of the Month: Phishing Scams for October 2023

IT Governance

OCTOBER 13, 2023

October is both Cybersecurity Awareness Month in the US and European Cyber Security Month in the EU – twin campaigns on either side of the Atlantic that aim to improve awareness of the importance of cyber security both at work and at home, and provide tips on how to stay secure.

Phishing

Phishing Financial Services Manufacturing Personal data

Emissary Panda APT group hit Government Organizations in the Middle East

Security Affairs

MAY 30, 2019

Chinese Cyber-Spies Target Government Organizations in Middle East. Chinese APT group Emissary Panda has been targeting government organizations in two different countries in the Middle East. defense contractors , financial services firms, and a national data center in Central Asia.

Government

Government Financial Services Security Cybersecurity

MITRE ResilienCyCon: You Will Be Breached So Be Ready

eSecurity Planet

NOVEMBER 17, 2022

The conference’s focus on cyber resilience doesn’t mean that organizations should abandon core security defenses like EDR , access control and firewalls , but they should be prepared for the advanced threats that will, at some point, get past them. ” Sounil Yu: Lack of security response & recovery products.

Cloud

Cloud Ransomware Encryption Cybersecurity

China: Navigating China episode 16: New data lifecycle guidelines for financial institutions in China – detailed assessments, additional security measures and some data localisation introduced

DLA Piper Privacy Matters

APRIL 20, 2021

This introduces a data lifecycle security framework, and represents the key guideline for handling personal and other financial information by financial institutions (i.e. similar to the PIS Specification, but focused on the banking and financial services industry). Level 3: personal financial information.

Compliance

Compliance Security Financial Services Data collection

Top 12 Cloud Security Best Practices for 2021

eSecurity Planet

SEPTEMBER 10, 2021

From the very beginning of the cloud computing era, security has been the biggest concern among enterprises considering the public cloud. In addition, 95 percent of survey respondents confirmed that they are extremely to moderately concerned about public cloud security. What is cloud security?

Cloud

Cloud Security Encryption Risk

NEW TECH: Baffin Bay Networks takes a ‘cloud-first’ approach to securing web applications

The Last Watchdog

SEPTEMBER 10, 2019

That experiment conducted by a reporter for The Atlantic crystalizes the seemingly intractable security challenge businesses face today. And in a double-whammy, the efficacy of legacy cybersecurity defenses — which were deployed, at great expense, mainly to protect on-premises data centers – by many measures is rapidly eroding.

Cloud

Cloud Security Digital transformation Financial Services

NYDFS releases major update to Part 500 cybersecurity requirements for financial services companies

Accelerate hybrid cloud transformation through IBM Cloud for Financial Service Validation Program

Webinars

Trending Sources

Data Protection in Financial Services Week 2022

Webinars

Financial services continue to lead in cybersecurity preparedness, but chinks appear in the armor

NYDFS Amends Cybersecurity Rules for Financial Services Companies

Market Leading Cybersecurity and National Security Lawyers David Lashway and John Woods Join Sidley in Washington, D.C.

NYDFS Proposes Updated Second Amendment to Its Cybersecurity Regulation

Historic Charges: First Enforcement Action Filed by New York Department of Financial Services Under Cybersecurity Regulation

U.S. and Foreign Cybersecurity and Intelligence Agencies Recommend Measures to Counteract Threat of Russian Cyberattacks

Cybersecurity agencies published a joint LockBit ransomware advisory

Black Friday and Cyber Weekend: Navigating the Tumultuous Waters of Retail Cybersecurity

NY Department of Financial Services Issues Reminder for Cybersecurity Filing Deadline

U.S. banking regulators order banks to notify cybersecurity incidents in 36 hours

SHARED INTEL: Poll highlights the urgency to balance digital resiliency, cybersecurity

Putting data storage at the forefront of cloud security

NYDFS Imposes Fine of $5 Million on Carnival for Cybersecurity Breaches

2024 Tech and Cybersecurity Forecast: Navigating New Frontiers in Business

New York Department of Financial Services Issues First Guidance by a U.S. Regulator Concerning Cyber Insurance

What is Cybersecurity Risk Management?

Building for operational resilience in the age of AI and hybrid cloud

Resecurity Released a 2024 Cyber Threat Landscape Forecast

$8 million penalty to NYDFS – and another case of over-retention

Delivering security and scalability in today’s business landscape requires more than setting up a front line of defense

Security Affairs newsletter Round 450 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Compliance & Data Privacy Regulations

SEC Announces Settled Charges Against First American for Cybersecurity Disclosure Controls Failures – Lessons Learned

The US government sanctioned four entities and one individual for supporting cyber operations conducted by North Korea

FCA sets out plans to make Big Tech a priority and provides update on its approach to AI

Tackling Data Sovereignty with DDR

5 things to know: Driving innovation with AI and hybrid cloud in the year ahead

Was RI Advice a watershed for cybersecurity law in Australia or a damp squib?

The Week in Cyber Security and Data Privacy: 6 – 12 November 2023

IBM Cloud delivers enterprise sovereign cloud capabilities

Peter Marta, Former Global Head of Cybersecurity Law at JPMorgan joins Hogan Lovells Privacy and Cybersecurity Practice

U.S., U.K. Sanction 7 Men Tied to Trickbot Hacking Group

Cuba Ransomware received over $60M in Ransom payments as of August 2022

First American Financial Pays Farcical $500K Fine

GUEST ESSAY: 5 security steps all companies should adopt from the Intelligence Community

Catches of the Month: Phishing Scams for October 2023

Emissary Panda APT group hit Government Organizations in the Middle East

MITRE ResilienCyCon: You Will Be Breached So Be Ready

China: Navigating China episode 16: New data lifecycle guidelines for financial institutions in China – detailed assessments, additional security measures and some data localisation introduced

Top 12 Cloud Security Best Practices for 2021

NEW TECH: Baffin Bay Networks takes a ‘cloud-first’ approach to securing web applications

Stay Connected