Data, Encryption, Financial Services and Government

NYDFS releases major update to Part 500 cybersecurity requirements for financial services companies

Data Protection Report

NOVEMBER 8, 2023

On November 1, 2023, the New York Department of Financial Services (“NYDFS”) released the finalized amendments of Part 500 of its cybersecurity regulations. The Amendment also includes new governance requirements and responsibilities applicable to the CISO of all covered entities.

Financial Services

Financial Services Cybersecurity Compliance Government

Financial services continue to lead in cybersecurity preparedness, but chinks appear in the armor

Thales Cloud Protection & Licensing

AUGUST 31, 2022

Financial services continue to lead in cybersecurity preparedness, but chinks appear in the armor. However, all this attention from cyber criminals, as well as regulators and governments, has produced an extremely resilient industry with some of the best cyber security practices of any sector. Thu, 09/01/2022 - 05:15.

Financial Services

Financial Services Cybersecurity Computer and Electronics Cloud

Putting data storage at the forefront of cloud security

IBM Big Data Hub

NOVEMBER 7, 2023

Securing sensitive data in an evolving landscape Advancements like those in AI and quantum computing can pose new challenges to customers, especially those in highly regulated industries such as financial services, healthcare, telecommunications and more.

Cloud

Cloud Financial Services Security Compliance

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

Protecting Sensitive Data with Luna Key Broker for Microsoft Double Key Encryption

Thales Cloud Protection & Licensing

APRIL 1, 2021

Protecting Sensitive Data with Luna Key Broker for Microsoft Double Key Encryption. Today’s remote working environment relies heavily on the collaborative sharing of information, challenging organizations to maintain the security of confidential data and regulatory compliance while driving employee productivity.

Encryption

Encryption Compliance Cloud GDPR

Security Compliance & Data Privacy Regulations

eSecurity Planet

AUGUST 9, 2022

Regulatory compliance and data privacy issues have long been an IT security nightmare. And since the EU’s General Data Protection Regulation (GDPR) took effect May 25, 2018, IT compliance issues have been at the forefront of corporate concerns. GDPR-style data privacy laws came to the U.S. PIPL Raises the Bar – And the Stakes.

Data Privacy

Data Privacy Compliance Privacy Security

Historic Charges: First Enforcement Action Filed by New York Department of Financial Services Under Cybersecurity Regulation

Data Matters

AUGUST 19, 2020

On July 21, 2020, the New York State Department of Financial Services (NYDFS or the Department) issued a statement of charges and notice of hearing (the Statement) against First American Title Insurance Company (First American) for violations of the Department’s Cybersecurity Requirements for Financial Services Companies, 23 N.Y.C.R.R.

Financial Services

Financial Services Cybersecurity Insurance Risk

Tackling Data Sovereignty with DDR

Security Affairs

JUNE 20, 2023

Data-centric distributed resilience (DDR) offers a compelling approach to addressing data sovereignty in cybersecurity. As much of our modern life relies upon the cloud, the question of data protection is front of mind for many organizations. Data sovereignty plays a crucial role in a robust security strategy.

Compliance

Compliance Cybersecurity Risk Encryption

Black Friday and Cyber Weekend: Navigating the Tumultuous Waters of Retail Cybersecurity

Thales Cloud Protection & Licensing

NOVEMBER 20, 2023

Data breaches in the retail sector illustrate the vulnerabilities inherent to this industry, emphasizing the need for robust cybersecurity measures. This finding not only underscores the vulnerability of the retail sector but also accentuates the financial repercussions of such breaches.

Retail

Retail Cybersecurity Financial Services Encryption

Collibra Data Intelligence: tackle 2023’s biggest data challenges

Collibra

JANUARY 31, 2023

Everyone knows how much data intelligence means to the enterprise. Most enterprises want a data intelligence solution. But a much smaller percentage actually adopt and integrate data intelligence into their decision-making, according to the 2022 Data Intelligence Index. Data powers our society and our economy.

Digital transformation

Digital transformation Data Privacy Privacy Cloud

$8 million penalty to NYDFS – and another case of over-retention

Data Protection Report

JANUARY 18, 2024

On January 3, 2024, the New York Department of Financial Services announced a consent order with GGT, where GGT agreed to pay NYDFS $8 million and to surrender its BitLicense (for cryptocurrency trading), due to alleged violations of NYDFS’ cybersecurity and its virtual currency regulations.

Cybersecurity

Cybersecurity Financial Services Compliance Encryption

IBM Cloud delivers enterprise sovereign cloud capabilities

IBM Big Data Hub

FEBRUARY 22, 2024

While AI can undoubtedly offer a competitive edge to organizations that effectively leverage its capabilities, we have seen unique concerns from industry to industry and region to region that must be considered—particularly around data.

Cloud

Cloud Computer and Electronics Compliance Financial Services

5 things to know: Driving innovation with AI and hybrid cloud in the year ahead

IBM Big Data Hub

DECEMBER 18, 2023

For organizations of all types—and especially those in highly regulated industries such as financial services, government, healthcare and telco—considerations including the rise of generative AI, evolving regulations and data sovereignty laws and ongoing security challenges must be top of mind.

Cloud

Cloud Financial Services Compliance Digital transformation

Slack Launched Encryption Key Addon For Businesses

Security Affairs

MARCH 18, 2019

Slack announced today to launch encryption keys that will help businesses to protect their data. Slack announced today to launch encryption keys that will help businesses to protect their data. Slack announced today to launch encryption keys that will help businesses to protect their data.

Encryption

Encryption Risk Financial Services Privacy

Navigating the EU-US Data Protection Framework

Thales Cloud Protection & Licensing

JANUARY 10, 2024

Navigating the EU-US Data Protection Framework sparsh Thu, 01/11/2024 - 05:26 On 10 July 2023, the European Commission adopted a new adequacy decision regarding the Data Privacy Framework (“DPF”). However, European organizations need to dive with eyes wide open when transferring personal data to the US under the DPF.

Data Privacy

Data Privacy Personal data Privacy Cloud

The Week in Cyber Security and Data Privacy: 6 – 12 November 2023

IT Governance

NOVEMBER 13, 2023

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. The data included shoppers’ names, email addresses, phone numbers, countries of residence and membership numbers.

Data Privacy

Data Privacy Privacy Security Data breaches

Navigating the digital wave: Understanding DORA and the role of confidential computing

IBM Big Data Hub

FEBRUARY 5, 2024

The Digital Operational Resilience Act (DORA) marks a significant milestone in the European Union’s (EU) efforts to bolster the operational resilience of the financial sector in the digital age. Furthermore, the RTS Article 6 highlights the necessity for all networked traffic, both internal and external, to be encrypted.

Encryption

Encryption Data Privacy Compliance Cloud

An introduction to Wazi as a Service

IBM Big Data Hub

NOVEMBER 14, 2023

With flexible consumption-based pricing, it provides on-demand access to z/OS systems, dramatically improving developer productivity by accelerating release cycles on secure, regulated hybrid cloud environments like IBM Cloud Framework for Financial Services (FS Cloud). What are the benefits of Wazi as a service on IBM Cloud?

Financial Services

Financial Services Cloud Compliance Digital transformation

NYDFS Imposes Fine of $5 Million on Carnival for Cybersecurity Breaches

Hunton Privacy

JULY 1, 2022

On June 24, 2022, the New York State Department of Financial Services (“NYDFS” or the “Department”) announced it had entered into a $5 million settlement with Carnival Corp. NYDFS also found that Carnival had failed to implement basic protocols to prevent data breaches.

Cybersecurity

Cybersecurity Insurance Phishing Financial Services

Delivering security and scalability in today’s business landscape requires more than setting up a front line of defense

IBM Big Data Hub

DECEMBER 14, 2023

The stakes are especially high for organizations in highly regulated industries because they can be exploited through their digital supply chain, giving hackers access to consumers’ valuable and sensitive data. Consequently, these data breaches can rattle customer trust and the confidence of regulators. 

Cloud

Cloud Security Data breaches Cybersecurity

China: Navigating China episode 16: New data lifecycle guidelines for financial institutions in China – detailed assessments, additional security measures and some data localisation introduced

DLA Piper Privacy Matters

APRIL 20, 2021

Important new guidelines outlining how personal and other types of financial information should be handled by financial institutions throughout the data lifecycle have just come into force in China, including a new data localisation obligation. The “Financial Data Lifecycle Guidelines” (????????????)

Compliance

Compliance Security Financial Services Data collection

MITRE ResilienCyCon: You Will Be Breached So Be Ready

eSecurity Planet

NOVEMBER 17, 2022

Unpatched vulnerabilities are at fault in anywhere from a third to more than half of all data breaches, depending on the study, so it’s natural to wonder why organizations don’t do a better job of patch management. How to build in that cyber resiliency was the focus of a number of talks at the conference. Patching Is Hard.

Cloud

Cloud Ransomware Encryption Cybersecurity

Maze ransomware gang discloses data from drug testing firm HMR

Security Affairs

APRIL 8, 2020

The drug testing firm Hammersmith Medicines Research LTD (HMR), which performs live trials of Coronavirus vaccines, discloses a data breach. Stolen data included the personal information for volunteers who surnames begin with D, G, I, or J. ” reads the data breach notification published by the company.

Ransomware

Ransomware Data breaches Encryption Financial Services

Cuba Ransomware received over $60M in Ransom payments as of August 2022

Security Affairs

DECEMBER 2, 2022

Dollars (USD) and received more than $60 million in ransom payments from over 100 victims worldwide as of August 2022, the US government states. entities Financial Services, Government Facilities, Healthcare and Public Health, Critical Manufacturing, and Information Technology.

Ransomware

Ransomware Financial Services Manufacturing Phishing

Security Affairs newsletter Round 450 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

DECEMBER 17, 2023

CISA and ENISA enhance their Cooperation CISA adds Qlik bugs to exploited vulnerabilities catalog Report: 2.6 CISA and ENISA enhance their Cooperation CISA adds Qlik bugs to exploited vulnerabilities catalog Report: 2.6

Security

Security Data breaches Ransomware Artificial Intelligence

Avoslocker ransomware gang targets US critical infrastructure

Security Affairs

MARCH 19, 2022

. “AvosLocker is a Ransomware as a Service (RaaS) affiliate-based group that has targeted victims across multiple critical infrastructure sectors in the United States including, but not limited to, the Financial Services, Critical Manufacturing, and Government Facilities sectors.

Ransomware

Ransomware Passwords Encryption Financial Services

US GOV OFFERS A REWARD OF UP TO $15M FOR INFO ON LOCKBIT GANG MEMBERS AND AFFILIATES

Security Affairs

FEBRUARY 21, 2024

government offers rewards of up to $15 million for information that could lead to the identification or location of LockBit ransomware gang members and affiliates. LockBit had a bespoke data exfiltration tool, known as Stealbit, which was used by affiliates to steal victim data. reads the NCA’s announcement.

Energy and Utilities

Energy and Utilities Ransomware Agriculture Manufacturing

What is Cybersecurity Risk Management?

eSecurity Planet

FEBRUARY 11, 2022

As data and IT infrastructure become more valuable by the day, cybersecurity risk management is increasingly important for enterprises with a steep cost for noncompliance or extensive, unaddressed vulnerabilities. Also read : Top Governance, Risk, and Compliance (GRC) Tools for 2022. Mapping Environment Data.

Risk

Risk Cybersecurity Encryption Access

Top 10 Governance, Risk and Compliance (GRC) Vendors

eSecurity Planet

JANUARY 21, 2021

Governance, risk, and compliance (GRC) software helps businesses manage all of the necessary documentation and processes for ensuring maximum productivity and preparedness. Third-party governance. Like other competitive GRC solutions, it speeds the process of aggregating and mining data, building reports, and managing files.

Compliance

Compliance Risk Government Retail

Ransomware at IT Services Provider Synoptek

Krebs on Security

DECEMBER 27, 2019

-based Synoptek is a managed service provider that maintains a variety of cloud-based services for more than 1,100 customers across a broad spectrum of industries , including state and local governments, financial services, healthcare, manufacturing, media, retail and software.

Ransomware

Ransomware IT Phishing Financial Services

2024 Tech and Cybersecurity Forecast: Navigating New Frontiers in Business

Thales Cloud Protection & Licensing

DECEMBER 20, 2023

The advent of quantum-safe cryptography is essential to protect sensitive data against the superior capabilities of quantum computers. This strategy addresses security concerns related to intellectual property and sensitive data in large language models (LLMs). The implications for business are profound.

Cybersecurity

Cybersecurity Blockchain Artificial Intelligence Encryption

NYDFS finalizes cybersecurity rule amendments

Data Protection Report

NOVEMBER 2, 2023

On November 1, 2023, the New York Department of Financial Services (NYDFS) finalized the second amendment to its cybersecurity regulations, which are available here. The rules contain the provisions we had described in the original NYDFS proposal a year ago (see our blog post here ), but include some changes. d) and 500.22(e)),

Cybersecurity

Cybersecurity Compliance Financial Services Government

GUEST ESSAY: The drivers behind persistent ransomware — and defense tactics to deploy

The Last Watchdog

SEPTEMBER 7, 2022

Healthcare and public health, financial services, and IT organizations are frequent targets, although businesses of all sizes can fall victim to these schemes. They can refuse to pay the ransom and have criminals release sensitive data. They’re often state-sponsored entities, foreign governments, or actual businesses.

Ransomware

Ransomware Education Phishing Financial Services

China-linked Budworm APT returns to target a US entity

Security Affairs

OCTOBER 13, 2022

The Budworm cyber espionage group (aka APT27 , Bronze Union , Emissary Panda , Lucky Mouse , TG-3390 , and Red Phoenix) is behind a series attacks conducted over the past six months against a number of high-profile targets, including the government of a Middle Eastern country, a multinational electronics manufacturer, and a U.S.

File names

File names Financial Services Manufacturing Libraries

What is a Cyberattack? Types and Defenses

eSecurity Planet

JUNE 16, 2022

Cyber criminals may damage, destroy, steal, encrypt, expose, or leak data as well as cause harm to a system. Encrypted threats spiked 167%, ransomware increased 105%, and 5.4 In May, cybersecurity researchers revealed that ransomware attacks are increasing their aggressive approach by destroying data instead of encrypting it.

Ransomware

Ransomware Cybersecurity Phishing Encryption

Federal Agency Data is Under Siege

Thales Cloud Protection & Licensing

JULY 24, 2018

to discuss the findings of the 2018 Thales Data Threat Report, Federal Edition. Question: Can you provide an overview of the 2018 Thales Data Threat Report, Federal Edition, and elaborate why it’s needed today more than ever? This year’s report is especially relevant because it tells us federal agency data is under siege.

Encryption

Encryption Cloud Data breaches Government

How ATB Financial drives agile data ops with Collibra and GCP

Collibra

MARCH 23, 2021

ATB Financial provides a diversified set of financial services to more than 770,000 residents of Alberta, Canada. Being a regionally focused institution, the group is dedicated to knowing its customers intimately, understanding their needs and providing products and services that help them achieve their goals.

Cloud

Cloud Government Access Metadata

More details about Operation Cronos that disrupted Lockbit operation

Security Affairs

FEBRUARY 20, 2024

Law enforcement also had access to data stolen from the victims of the ransomware operation, a circumstance that highlights the fact that even when a ransom is paid, the ransomware gang often fails to delete the stolen information. ” reads the NCA’s announcement. ” said National Crime Agency Director General, Graeme Biggar.

Energy and Utilities

Energy and Utilities Ransomware Manufacturing Agriculture

Top 12 Cloud Security Best Practices for 2021

eSecurity Planet

SEPTEMBER 10, 2021

For many organizations, the idea of storing data or running applications on infrastructure that they do not manage directly seems inherently insecure. According to IDC’s 2021 State of Cloud Security Report , 79 percent of surveyed companies reported a cloud data breach in the last 18 months.

Cloud

Cloud Security Encryption Risk

China’s PIPL has finally arrived, and brings helpful clarification (rather than substantial change) to China’s data privacy framework

DLA Piper Privacy Matters

AUGUST 23, 2021

Rather than bringing substantial changes to the existing China data privacy framework, the PIPL helpfully consolidates and clarifies obligations on processing of personal information at a national law level. To be clear, this is not China’s own GDPR.

Data Privacy

Data Privacy Privacy Compliance Analytics

Confidential Containers with Red Hat OpenShift Container Platform and IBM® Secure Execution for Linux

IBM Big Data Hub

JANUARY 10, 2024

Hybrid cloud is also forcing a significant rethinking of how to secure and protect data and assets. Confidential computing is an emerging foundational capability that enables the protection of data-in-use. This unique capability is designed for workloads that have strong data sovereignty, regulatory or data privacy requirements.

Security

Security Cloud Data Privacy Financial Services

CENTRAL BANK DIGITAL CURRENCIES

Thales Cloud Protection & Licensing

FEBRUARY 27, 2023

One of the best resources for the collected data is the CBDC Tracker : CBDCs are still in the experimental phase in many countries and are not yet widely available. CBDC Benefits With the introduction of CBDCs there are multiple benefits for Consumers, Government &Central Banks and other Financial institutions.

Financial Services

Financial Services Access Risk Security

Ransomware Protection in 2021

eSecurity Planet

FEBRUARY 16, 2021

All of your files are encrypted with RSA-2048 and AES-128 ciphers.” ” Or you might see a readme.txt stating, “Your files have been replaced by these encrypted containers and aren’t accessible; you will lose your files on [enter date] unless you pay $2500 in Bitcoin.” IMPORTANT INFORMATION !!!

Ransomware

Ransomware Encryption Insurance Cloud

Office of Foreign Assets Control: Making or Facilitating Ransomware Payments May Violate U.S. Sanctions

Data Matters

OCTOBER 8, 2020

Ransomware attacks use malware, often injected through phishing schemes, to encrypt a victim’s data files or programs, followed by a ransom demand by the threat actor that offers the decryption key in exchange for payment. Payment is often demanded in bitcoin, and thus third-party services are often used to make such payments.

Ransomware

Ransomware Compliance Risk Government

It’s time to think twice about retail loyalty programs

Thales Cloud Protection & Licensing

DECEMBER 11, 2018

As I was starting to write this blog, yet another retail program data breach occurred, for Marriott’s Starwood loyalty program. But it looks like my own personal data has been breached – again. What I’d originally planned to write about was a topic that directly applies – why retailers of all stripes are not investing in data security.

Retail

Retail Data breaches Encryption Mining

NYDFS releases major update to Part 500 cybersecurity requirements for financial services companies

Financial services continue to lead in cybersecurity preparedness, but chinks appear in the armor

Webinars

Trending Sources

Putting data storage at the forefront of cloud security

Webinars

Protecting Sensitive Data with Luna Key Broker for Microsoft Double Key Encryption

Security Compliance & Data Privacy Regulations

Historic Charges: First Enforcement Action Filed by New York Department of Financial Services Under Cybersecurity Regulation

Tackling Data Sovereignty with DDR

Black Friday and Cyber Weekend: Navigating the Tumultuous Waters of Retail Cybersecurity

Collibra Data Intelligence: tackle 2023’s biggest data challenges

$8 million penalty to NYDFS – and another case of over-retention

IBM Cloud delivers enterprise sovereign cloud capabilities

5 things to know: Driving innovation with AI and hybrid cloud in the year ahead

Slack Launched Encryption Key Addon For Businesses

Navigating the EU-US Data Protection Framework

The Week in Cyber Security and Data Privacy: 6 – 12 November 2023

Navigating the digital wave: Understanding DORA and the role of confidential computing

An introduction to Wazi as a Service

NYDFS Imposes Fine of $5 Million on Carnival for Cybersecurity Breaches

Delivering security and scalability in today’s business landscape requires more than setting up a front line of defense

China: Navigating China episode 16: New data lifecycle guidelines for financial institutions in China – detailed assessments, additional security measures and some data localisation introduced

MITRE ResilienCyCon: You Will Be Breached So Be Ready

Maze ransomware gang discloses data from drug testing firm HMR

Cuba Ransomware received over $60M in Ransom payments as of August 2022

Security Affairs newsletter Round 450 by Pierluigi Paganini – INTERNATIONAL EDITION

Avoslocker ransomware gang targets US critical infrastructure

US GOV OFFERS A REWARD OF UP TO $15M FOR INFO ON LOCKBIT GANG MEMBERS AND AFFILIATES

What is Cybersecurity Risk Management?

Top 10 Governance, Risk and Compliance (GRC) Vendors

Ransomware at IT Services Provider Synoptek

2024 Tech and Cybersecurity Forecast: Navigating New Frontiers in Business

NYDFS finalizes cybersecurity rule amendments

GUEST ESSAY: The drivers behind persistent ransomware — and defense tactics to deploy

China-linked Budworm APT returns to target a US entity

What is a Cyberattack? Types and Defenses

Federal Agency Data is Under Siege

How ATB Financial drives agile data ops with Collibra and GCP

More details about Operation Cronos that disrupted Lockbit operation

Top 12 Cloud Security Best Practices for 2021

China’s PIPL has finally arrived, and brings helpful clarification (rather than substantial change) to China’s data privacy framework

Confidential Containers with Red Hat OpenShift Container Platform and IBM® Secure Execution for Linux

CENTRAL BANK DIGITAL CURRENCIES

Ransomware Protection in 2021

Office of Foreign Assets Control: Making or Facilitating Ransomware Payments May Violate U.S. Sanctions

It’s time to think twice about retail loyalty programs

Stay Connected