Data Protection Report

NOVEMBER 1, 2023

Under the Federal Trade Commission’s (“FTC”) new amendment to the Safeguards Rule (the “Amended Rule”), non-banking financial institutions will have to report certain data breaches and other security events to the agency. The FTC will publish information from the notification event report on a publicly available database.

Encryption 58

Encryption Cybersecurity Data breaches Financial Services 58

IBM Big Data Hub

AUGUST 1, 2023

We are bringing the power of foundation models with the availability of a GPU as a service on IBM Cloud offering to help organizations tap into artificial intelligence (AI) in a secured environment while aiming to mitigate third- and fourth-party risk.

Financial Services 68

Financial Services Computer and Electronics Cloud Digital transformation 68

HL Chronicle of Data Protection

FEBRUARY 25, 2020

Companies should take note of two imminent developments in New York in the area of cybersecurity regulation: enforcement of the New York Department of Financial Services (NYDFS) Cybersecurity Regulation (Regulation) and the effective date of the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act or Act).

Cybersecurity 104

Cybersecurity Financial Services Data breaches Insurance 104

Data Protection Report

NOVEMBER 2, 2023

On November 1, 2023, the New York Department of Financial Services (NYDFS) finalized the second amendment to its cybersecurity regulations, which are available here. NYDFS retained the broader term “cybersecurity event” that it uses in several sections of the regulation, but, with respect to notifications to NYDFS (§ 500.17(a)),

Cybersecurity 105

Cybersecurity Compliance Financial Services Government 105

eSecurity Planet

JUNE 16, 2022

Cyber criminals may damage, destroy, steal, encrypt, expose, or leak data as well as cause harm to a system. Encrypted threats spiked 167%, ransomware increased 105%, and 5.4 In May, cybersecurity researchers revealed that ransomware attacks are increasing their aggressive approach by destroying data instead of encrypting it.

Ransomware 141

Ransomware Cybersecurity Phishing Encryption 141

Thales Cloud Protection & Licensing

NOVEMBER 27, 2018

The cybersecurity regulation ( 23 NYCRR 500 ) adopted by the New York State Department of Financial Services (NYDFS) is nearly two years old. Leading up to that date, companies have had to meet several milestones including hiring a CISO, encrypting all its non-public consumer data and enabling multi-factor authentication.

Cybersecurity 72

Cybersecurity Financial Services Encryption Data Privacy 72

HL Chronicle of Data Protection

OCTOBER 4, 2018

As of Tuesday, September 4, 2018, covered entities are required to be in compliance with additional requirements relating to: Audit Trail (Section 500.06); Application Security (Section 500.08); Limitations on Data Retention (Section 500.13); Monitoring of Authorized Users (Section 500.14(a)); Limitations on Data Retention (500.13).

Cybersecurity 65

Cybersecurity Encryption Financial Services Compliance 65

Thales Cloud Protection & Licensing

JULY 24, 2018

to discuss the findings of the 2018 Thales Data Threat Report, Federal Edition. Question: Can you provide an overview of the 2018 Thales Data Threat Report, Federal Edition, and elaborate why it’s needed today more than ever? This year’s report is especially relevant because it tells us federal agency data is under siege.

Encryption 48

Encryption Cloud Data breaches Government 48

Data Protection Report

JANUARY 7, 2019

The two-year transitional period under the New York State Department of Financial Services (“DFS””) Cybersecurity Regulation , 23 NYCRR 500 (the “Regulation”), will expire on March 1, 2019, with the final remaining requirement becoming effective. Upcoming certifications.

Cybersecurity 40

Cybersecurity Compliance Financial Services Risk 40

DLA Piper Privacy Matters

AUGUST 23, 2021

Rather than bringing substantial changes to the existing China data privacy framework, the PIPL helpfully consolidates and clarifies obligations on processing of personal information at a national law level. To be clear, this is not China’s own GDPR.

Data Privacy 111

Data Privacy Privacy Compliance Analytics 111

Hunton Privacy

SEPTEMBER 30, 2015

In the near future, blockchain may become the new architecture of a reinvented global financial services infrastructure. In the event of an actual attack, blockchain’s virtues, such as decentralization and immutability, would instantly become vices, as the malware would spread far and wide and the pollution would not be easily erased.

Blockchain 49

Blockchain Cybersecurity Financial Services Encryption 49

HL Chronicle of Data Protection

OCTOBER 4, 2018

As of Tuesday, September 4, 2018, covered entities are required to be in compliance with additional requirements relating to: Audit Trail (Section 500.06); Application Security (Section 500.08); Limitations on Data Retention (Section 500.13); Monitoring of Authorized Users (Section 500.14(a)); Limitations on Data Retention (500.13).

Cybersecurity 40

Cybersecurity Encryption Financial Services Compliance 40

HL Chronicle of Data Protection

OCTOBER 4, 2018

As of Tuesday, September 4, 2018, covered entities are required to be in compliance with additional requirements relating to: Audit Trail (Section 500.06); Application Security (Section 500.08); Limitations on Data Retention (Section 500.13); Monitoring of Authorized Users (Section 500.14(a)); Limitations on Data Retention (500.13).

Cybersecurity 40

Cybersecurity Encryption Financial Services Compliance 40

Adam Levin

NOVEMBER 30, 2018

“The company recently discovered that an unauthorized party had copied and encrypted information, and took steps towards removing it,” Marriott disclosed in a statement. The vulnerability that the hackers took advantage of had been in place and used for “unauthorized access,” according to the company statement, since 2014.

Financial Services 66

Financial Services Encryption Passwords Communications 66

Hunton Privacy

APRIL 27, 2017

Earlier this month, the New York State Department of Financial Services (“NYDFS”) recently published FAQs and key dates for its cybersecurity regulation (the “NYDFS Regulation”) for financial institutions that became effective on March 1, 2017. September 3, 2018 – the eighteen month transitional period ends.

Cybersecurity 53

Cybersecurity Compliance Financial Services Insurance 53

eSecurity Planet

FEBRUARY 16, 2021

All of your files are encrypted with RSA-2048 and AES-128 ciphers.” ” Or you might see a readme.txt stating, “Your files have been replaced by these encrypted containers and aren’t accessible; you will lose your files on [enter date] unless you pay $2500 in Bitcoin.” IMPORTANT INFORMATION !!!

Ransomware 97

Ransomware Encryption Insurance Cloud 97

Thales Cloud Protection & Licensing

JULY 24, 2023

Network Encryption Keeps Our Data in Motion Secure for Business Services madhav Tue, 07/25/2023 - 04:59 The demand for high-speed networks and fast data transfers is increasing due to cloud adoption, digital transformation, and hybrid work. Why do you need network encryption in business services?

Business Services 62

Business Services Encryption Manufacturing Security 62

Data Matters

MARCH 12, 2019

Over the last few years, States have enacted increasingly aggressive legislation concerning data privacy and security, raising concerns that companies will be subject to a patchwork of different standards. The Commission’s vote to submit the Safeguard Rule NPRM was divided, with Commissioners Noah Phillips and Christine Wilson dissenting.

Privacy 68

Privacy IT Information Security Insurance 68

DLA Piper Privacy Matters

JULY 30, 2019

A data breach, that is. It’s your service provider’s breach, but it involves your (more likely, your customer’s) data. Service provider cyber incidents have exploded in volume, type, frequency, response time and cost. Who “owns” a data breach?

Data breaches 45

Data breaches Cybersecurity Financial Services Risk 45

Security Affairs

MARCH 29, 2022

Earmarked by the FBI as a particular threat to the financial service industry just over a year ago, the increase of internet traffic, data breaches and API usage all contribute to the perfect conditions for successful credential stuffing attacks. In that event, you should probably also change your password.

IT 74

IT Passwords Authentication Data Privacy 74

CGI

DECEMBER 18, 2018

Sibos is one of the biggest banking industry events and is run in a different location every year allowing the great and the good of the financial services world to get away from the office for a week and spend some time seeing what else is going on in the market. there is a level playing field between competitors.

Financial Services 40

Financial Services Encryption Marketing GDPR 40

HL Chronicle of Data Protection

MAY 13, 2019

Major data breaches in recent years are spurring state legislators and regulators across the US into action. Later that year, the National Association of Insurance Commissioners (‘NAIC’) adopted its Insurance Data Security Model Law (‘the NAIC Model’) as a framework cybersecurity law for the insurance industry.

Insurance 40

Insurance Cybersecurity Data breaches Financial Services 40

Thales Cloud Protection & Licensing

DECEMBER 4, 2019

While this event is still considered one of the most grandiose thefts, financial institutions today collectively face digital attacks that easily rival it. Theft and other data security incidents cost financial institutions millions of dollars and result in more consumer records being lost or stolen, year after year.

Financial Services 22

Financial Services Encryption Cloud Digital transformation 22

Hunton Privacy

FEBRUARY 25, 2021

As reported on the Hunton Insurance Recovery blog , on February 4, 2021, the New York Department of Financial Services (“NYDFS”), which regulates the business of insurance in New York, has issued guidelines, in the Insurance Circular Letter No. complaint filed Oct. 10, 2018), remains pending in an Illinois state court.

Insurance 70

Insurance Cybersecurity Risk Education 70

ARMA International

AUGUST 2, 2019

with Equifax in connection with a 2017 data breach that exposed sensitive, personal data of around 147 million people. According to the FTC’s press release, the data breach included “names and dates of birth, Social Security numbers, physical addresses, and other personal information that could lead to identity theft and fraud.”

Cloud 41

Cloud Data breaches Encryption Access 41

HL Chronicle of Data Protection

MARCH 14, 2019

The plan must enable FIs to promptly respond to and recover from security events affecting customer information. It must also address the goals of the plan, internal processes for responding to a security event, and documentation and reporting regarding security events and related incident response activities.

Privacy 40

Privacy Risk Cybersecurity Information Security 40

IBM Big Data Hub

NOVEMBER 29, 2023

Financial Services clients are increasingly looking to modernize their applications. Moreover, many of these financial services applications support regulated workloads, which require strict levels of security and compliance, including Zero Trust protection of the workloads.

Cloud 100

Cloud Financial Services Security Compliance 100

eSecurity Planet

AUGUST 13, 2021

For everything from minor network infractions to devastating cyberattacks and data privacy troubles , digital forensics software can help clean up the mess and get to the root of what happened. The Sleuth Kit enables administrators to analyze file system data via a library of command-line tools for investing disk images.

e-Discovery 137

e-Discovery Computer and Electronics Marketing Compliance 137

eSecurity Planet

MARCH 26, 2021

While ransomware attacks have become a ubiquitous event these days, what makes this attack distinctive is the ransom demand itself. . approach in that the attackers copy and exfiltrate a company’s data just prior to encrypting it. According to their data, the U.S. The Biggest Ransomware Demand in History.

Ransomware 57

Ransomware Authentication Financial Services Military 57

ForAllSecure

JANUARY 19, 2022

You might not think of it as a major aspect of security and yet, stolen credentials are really the key to data breaches today. Moffatt: I think tokens are typically what I guess happens once somebody has authenticated so once the authentication event is taking place, and you've identified it, yeah, this is some Simon coming back.

Passwords 52

Passwords Authentication Access Data breaches 52

ForAllSecure

APRIL 19, 2023

In the 1950s we started to get early operating systems, and these included supervisory programs that helped manage the data coming in and going back out. But the interesting thing about that is that these column oriented data warehouse DBMS are extremely fast at searching. With simple, really fast SQL queries. Right, okay.

Analytics 40

Analytics Communications Computer and Electronics Cybersecurity 40

eSecurity Planet

JANUARY 11, 2022

Investors, business clients, and more continue to look for secure application access for remote workers , provide real-time visibility into cyberattacks, and protect data as it travels from the cloud to edge networks and end-users and back. It uses this data to show a complete narrative of an attack in real-time. Open Raven.

Cybersecurity 142

Cybersecurity Cloud Compliance Analytics 142

eSecurity Planet

MAY 27, 2021

Maintaining the integrity of networks and data is a critical consideration for every organization. Security information and event management SIEM Splunk IBM. Since then, the McAfee MVISION Cloud solution offers agentless data loss prevention (DLP) to large enterprises. Security information and event management (SIEM): Splunk.

Security 89

Security Cloud Analytics Access 89

ForAllSecure

MAY 4, 2021

In a moment we'll hear about a cool new framework that MITRE developed it attempts to map potential threats by looking at past events and catalogs, all known tactics and techniques used by criminal hackers. Vamosi: ATT&CK also allows you to move to the next level to get ahead of the adversary ATT & CK based on past events.

Government 52

Government IT Access Analytics 52

ForAllSecure

MAY 4, 2021

In a moment we'll hear about a cool new framework that MITRE developed it attempts to map potential threats by looking at past events and catalogs, all known tactics and techniques used by criminal hackers. Vamosi: ATT&CK also allows you to move to the next level to get ahead of the adversary ATT & CK based on past events.

Government 52

Government IT Access Analytics 52