Document, Encryption and Financial Services - Information Management Today

NYDFS releases major update to Part 500 cybersecurity requirements for financial services companies

Data Protection Report

NOVEMBER 8, 2023

On November 1, 2023, the New York Department of Financial Services (“NYDFS”) released the finalized amendments of Part 500 of its cybersecurity regulations. CISO and senior governing body requirements; 500.15: Encryption requirements; 500.16: Incident response plan requirements; and, 500.19(a):

Financial Services

Financial Services Cybersecurity Compliance Government

LockFile Ransomware uses a new intermittent encryption technique

Security Affairs

AUGUST 31, 2021

Recently emerged LockFile ransomware family LockFile leverages a novel technique called intermittent encryption to speed up encryption. Sophos researchers discovered that the group is now leveraging a new technique called “intermittent encryption” to speed up the encryption process.

Encryption

Encryption Ransomware Financial Services Manufacturing

Historic Charges: First Enforcement Action Filed by New York Department of Financial Services Under Cybersecurity Regulation

Data Matters

AUGUST 19, 2020

On July 21, 2020, the New York State Department of Financial Services (NYDFS or the Department) issued a statement of charges and notice of hearing (the Statement) against First American Title Insurance Company (First American) for violations of the Department’s Cybersecurity Requirements for Financial Services Companies, 23 N.Y.C.R.R.

Financial Services

Financial Services Cybersecurity Insurance Risk

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

Choosing to Store, Scan, or Shred Your Documents: A Comprehensive Guide

Armstrong Archives

DECEMBER 18, 2023

This reality has made data security increasingly important, requiring a sea change in the way companies handle their documents. We have decades of experience in the safe storage, scanning, and shredding of our clients’ important documents. What paperwork do I need to keep: How do you know which documents to keep or shred?

Archiving

Archiving Paper Records Management Compliance

GUEST ESSAY: 7 tips for protecting investor data when it comes to alternative asset trading

The Last Watchdog

JULY 11, 2023

This includes scanning all materials, such as investor onboarding documents and communication. Implement strong data encryption. Data encryption is fundamental for protecting sensitive information in alternative asset trading. Industry-standard algorithms for encryption can ensure all data, in transit and at rest, is safe.

IT

IT Encryption Risk Financial Services

$8 million penalty to NYDFS – and another case of over-retention

Data Protection Report

JANUARY 18, 2024

On January 3, 2024, the New York Department of Financial Services announced a consent order with GGT, where GGT agreed to pay NYDFS $8 million and to surrender its BitLicense (for cryptocurrency trading), due to alleged violations of NYDFS’ cybersecurity and its virtual currency regulations.

Cybersecurity

Cybersecurity Financial Services Compliance Encryption

The Clock is Ticking for PCI DSS 4.0 Compliance

Thales Cloud Protection & Licensing

SEPTEMBER 18, 2023

According to the 2022 Thales Data Threat Report – Financial Services Edition , 52% of U.S. financial services organizations report that they have experienced a data breach in the past. The new version includes many updates, which you can read in the Summary of Changes document. million, second only to healthcare.

Compliance

Compliance Financial Services Data breaches Encryption

BlackCocaine Ransomware, a new malware in the threat landscape

Security Affairs

JUNE 5, 2021

Recently Cyber researchers for Cyble investigated an attack suffered by on May 30, 2021, by Nucleus Software, an India-based IT company in the Banking and Financial Services sector. Nucleus Software declared that it does not store customers’ financial data. . BlackCocaine ” to the filenames of encrypted files.

Ransomware

Ransomware Encryption File names Financial Services

API Security in 2024: Imperva Report Uncovers Rising Threats and the Urgent Need for Action

Thales Cloud Protection & Licensing

MARCH 6, 2024

Nearly one-third (28%) of all DDoS attacks on APIs focus on financial services organizations, the most targeted industry for this type of attack. Shadow APIs Fuel Data Leakage Undiscovered or poorly documented APIs increase the attack surface. Encryption Lebin Cheng | VP, API Security More About This Author > Schema

Security

Security Authentication Risk Cybersecurity

MITRE ResilienCyCon: You Will Be Breached So Be Ready

eSecurity Planet

NOVEMBER 17, 2022

The sheer difficulty is one reason that vulnerability management as a service (VMaaS) and similar services have been gaining traction among security buyers. Google’s cloud security is well regarded (and the company has shared some documentation of its security architecture and practices too). Prepare Now.

Cloud

Cloud Ransomware Encryption Cybersecurity

Ransomware at IT Services Provider Synoptek

Krebs on Security

DECEMBER 27, 2019

-based Synoptek is a managed service provider that maintains a variety of cloud-based services for more than 1,100 customers across a broad spectrum of industries , including state and local governments, financial services, healthcare, manufacturing, media, retail and software. When the site was first set up on Dec.

Ransomware

Ransomware IT Phishing Financial Services

Morgan Stanley discloses data breach after the hack of a third-party vendor

Security Affairs

JULY 8, 2021

The American multinational investment bank and financial services firm Morgan Stanley discloses a data breach caused by the hack of an Accellion FTA server of a third-party vendor. The company pointed out that exposed files did not contain passwords that could be used to access financial accounts. ” reads the letter.

Data breaches

Data breaches Encryption Financial Services Access

Mysterious custom malware used to steal 1.2TB of data from million PCs

Security Affairs

JUNE 11, 2021

These included logins for social media, online games, online marketplaces, job-search sites, consumer electronics, financial services, email services, and more. Experts found over 650,000 Word documents and.pdf files in the archive. More than 1 million images have been stolen by the malware, including 696,000.png

Computer and Electronics

Computer and Electronics Archiving Encryption Passwords

What is Cybersecurity Risk Management?

eSecurity Planet

FEBRUARY 11, 2022

Some organizations such as financial services firms and healthcare organizations, have regulatory concerns in addition to business concerns that need to be addressed in a cybersecurity risk management system. Documenting and Implementing Procedures. Advanced Encryption. Maintaining Regulatory Compliance.

Risk

Risk Cybersecurity Encryption Access

Security Compliance & Data Privacy Regulations

eSecurity Planet

AUGUST 9, 2022

Other industry standards too can have the force of “pseudo-law” – notably, the NIST Cybersecurity Framework, which federal regulators often apply to financial-services firms and government contractors. Thus, it can be difficult for even small enterprises to keep up with information security and data privacy compliance.

Data Privacy

Data Privacy Compliance Privacy Security

Maze ransomware gang discloses data from drug testing firm HMR

Security Affairs

APRIL 8, 2020

The attack took place on March 14th, 2020, when the Maze Ransomware operators exfiltrated data from the HMR’s network and then encrypt their systems. The Hammersmith Medicines Research is notifying impacted individuals via email the incident, the hackers stole data then employed ransomware to encrypt its systems.

Ransomware

Ransomware Data breaches Encryption Financial Services

NYDFS Files First Cybersecurity Enforcement Action

Hunton Privacy

JULY 24, 2020

On Wednesday, July 22, the New York Department of Financial Services (the “NYDFS”) announced that it had filed administrative charges against First American Title Insurance Co. under the NYDFS Cybersecurity Regulation , marking the agency’s first enforcement action since the rules went into effect in March 2017. NYCRR 500.14(b):

Cybersecurity

Cybersecurity Risk Financial Services Insurance

2024 Tech and Cybersecurity Forecast: Navigating New Frontiers in Business

Thales Cloud Protection & Licensing

DECEMBER 20, 2023

To ensure data integrity and network security, businesses must adopt more sophisticated security protocols, including advanced encryption methods and AI-driven threat detection systems. Initially a driving force in financial services for secure transactions, blockchain now faces the challenge of reshaping its image and functionality.

Cybersecurity

Cybersecurity Blockchain Artificial Intelligence Encryption

Marriott Breach: More than 500 Million Guest Affected

Adam Levin

NOVEMBER 30, 2018

“The company recently discovered that an unauthorized party had copied and encrypted information, and took steps towards removing it,” Marriott disclosed in a statement. The vulnerability that the hackers took advantage of had been in place and used for “unauthorized access,” according to the company statement, since 2014.

Financial Services

Financial Services Encryption Passwords Communications

Top 12 Cloud Security Best Practices for 2021

eSecurity Planet

SEPTEMBER 10, 2021

Leading IaaS and platform as a service (PaaS) vendors like Amazon Web Services (AWS) and Microsoft Azure provide documentation to their customers so all parties understand where specific responsibilities lie according to different types of deployment. Does the provider encrypt data while in transit and at rest?

Cloud

Cloud Security Encryption Risk

Ransomware Protection in 2021

eSecurity Planet

FEBRUARY 16, 2021

All of your files are encrypted with RSA-2048 and AES-128 ciphers.” ” Or you might see a readme.txt stating, “Your files have been replaced by these encrypted containers and aren’t accessible; you will lose your files on [enter date] unless you pay $2500 in Bitcoin.” IMPORTANT INFORMATION !!!

Ransomware

Ransomware Encryption Insurance Cloud

DOL Puts Plan Sponsors and Other Fiduciaries on Notice: ERISA Requires Appropriate Precautions to Mitigate Cybersecurity Threats

Data Matters

APRIL 20, 2021

The Best Practices highlight 18 areas of cybersecurity controls appropriate for policies approved by senior leadership, which emphasize the “documented” nature of the recommended cybersecurity program.

Cybersecurity

Cybersecurity Insurance Risk Compliance

SEC Releases Observations from Recent Cybersecurity Examinations of Broker-Dealers and Advisers

Hunton Privacy

FEBRUARY 6, 2015

Conducted by the SEC Office of Compliance Inspections and Examinations (“OCIE”) from 2013 through April 2014, the examinations inspected the cybersecurity practices of 57 registered broker-dealers and 49 registered investment advisers through interviews and document reviews.

Cybersecurity

Cybersecurity Insurance Financial Services Risk

How ATB Financial drives agile data ops with Collibra and GCP

Collibra

MARCH 23, 2021

ATB Financial provides a diversified set of financial services to more than 770,000 residents of Alberta, Canada. Being a regionally focused institution, the group is dedicated to knowing its customers intimately, understanding their needs and providing products and services that help them achieve their goals.

Cloud

Cloud Government Access Metadata

Understanding Blockchain and its Impact on Legal Technology, Part Two

eDiscovery Daily

FEBRUARY 26, 2019

Areas such as financial services, technology, manufacturing, pharmaceutical, and energy industries all needed systems with these two factors. Or think of it as a document in Google Docs that is being seen by multiple people simultaneously. How Blockchain Works.

Blockchain

Blockchain IT Computer and Electronics Healthcare

Proposed Amendments to NY Financial Services Cybersecurity Regulations Impose New Obligations on Large Entities, Boards of Directors and CISOs

Hunton Privacy

AUGUST 15, 2022

On July 29, 2022, the New York Department of Financial Services (“NYDFS”) posted proposed amendments (“Proposed Amendments”) to its Cybersecurity Requirements for Financial Services Companies (“Cybersecurity Regulations”). A covered entity’s incident response plan, as required by Section 500.16

Financial Services

Financial Services Cybersecurity Risk Passwords

50 Ways to Avoid Getting Scammed on Black Friday

Adam Levin

NOVEMBER 17, 2020

VPNs encrypt data , making it much harder to intercept when transmitted through a shared or suspect internet connection. SSLs ensure all data is encrypted. A green or gray padlock icon in your browser’s address bar also indicates that information, like credit card numbers, is encrypted when transmitted. Look for the lock.

Retail

Retail e-Delivery Passwords Phishing

New York’s Breach Law Amendments and New Security Requirements

Data Protection Report

OCTOBER 1, 2019

New York will exclude from “private information” any encrypted data elements or “combination of personal information plus data elements”—as long as the encryption key has not been acquired by the unauthorized person. Once that determination is made, the person or business must document it in writing and maintain it for five years.

Security

Security Financial Services Passwords Risk

Top GRC Tools & Software for 2021

eSecurity Planet

JANUARY 21, 2021

Governance, risk, and compliance (GRC) software helps businesses manage all of the necessary documentation and processes for ensuring maximum productivity and preparedness. LogicManager’s GRC solution has specific use cases across financial services, education, government, healthcare, retail, and technology industries, among others.

Compliance

Compliance Risk Government Retail

Top 10 Governance, Risk and Compliance (GRC) Vendors

eSecurity Planet

JANUARY 21, 2021

Governance, risk, and compliance (GRC) software helps businesses manage all of the necessary documentation and processes for ensuring maximum productivity and preparedness. LogicManager’s GRC solution has specific use cases across financial services, education, government, healthcare, retail, and technology industries, among others.

Compliance

Compliance Risk Government Retail

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

HL Chronicle of Data Protection

MAY 13, 2019

For example, the New York Department of Financial Services (‘NYDFS’) in March 2017 issued its Cybersecurity Regulation (23 NYCRR 500) (‘the NYDFS Cybersecurity Regulation’), a groundbreaking and far-reaching regulatory regime focused on financial institutions licensed in New York, including insurance companies.

Insurance

Insurance Cybersecurity Data breaches Financial Services

What Are Firewall Rules? Ultimate Guide & Best Practices

eSecurity Planet

JANUARY 24, 2024

For teams in industries like financial services, healthcare, and government, the more specific the access rule, the better. For example, a private network for a hospital, financial services provider, or government agency will need highly restrictive rules, such as thorough blocklists and limited allowlists.

Access

Access Financial Services Compliance Security

FTC Seeks Comment on Proposed Changes to GLBA Implementing Rules

HL Chronicle of Data Protection

MARCH 14, 2019

It must also address the goals of the plan, internal processes for responding to a security event, and documentation and reporting regarding security events and related incident response activities. The plan must enable FIs to promptly respond to and recover from security events affecting customer information.

Privacy

Privacy Risk Cybersecurity Information Security

UNRAVELING EternalBlue: inside the WannaCry’s enabler

Security Affairs

SEPTEMBER 1, 2023

When printing a document, a person may use their computer, the client, to send a request to a colleague’s computer, the server, with a request to print the document. In some instances, the attacker might choose to deploy ransomware across the network, encrypting important files and bringing operations to a halt.

Phishing

Phishing Ransomware Search queries Access

The Hacker Mind Podcast: Hacking APIs

ForAllSecure

JUNE 16, 2021

Vamosi: Another industry that could be directly affected is financial services, with all the mobile banking applications that are becoming more common today. But then again, as with encryption, you still find people who just for whatever reason, manage to roll their own until it breaks. I could see the communication wide open.

Authentication

Authentication Communications IoT Security

The Hacker Mind Podcast: Hacking APIs

ForAllSecure

JUNE 16, 2021

Vamosi: Another industry that could be directly affected is financial services, with all the mobile banking applications that are becoming more common today. But then again, as with encryption, you still find people who just for whatever reason, manage to roll their own until it breaks. I could see the communication wide open.

Authentication

Authentication Communications IoT Security

Rock the Blockchain: Thales and DigiCert Secure the Data

Thales Cloud Protection & Licensing

SEPTEMBER 15, 2021

DigiCert , a leading provider of PKI, and Thales, a leader in data protection, have a decade-long partnership helping their clients authenticate and encrypt communications, systems, emails, documents, websites, and servers. They’ve also been co-members of Hyperledger , launched by the Linux Foundation in 2015.

Blockchain

Blockchain Security Authentication Compliance

List of data breaches and cyber attacks in July 2019 – 2.2 billion records leaked

IT Governance

JULY 31, 2019

Maitland, FL, dentist says five months of patient records encrypted by ransomware (unknown). Security lapse at email marketing company FormGet exposes user-uploaded documents (43,000). Unprotected server at Brazilian financial services provider exposes customer data (unknown).

Data breaches

Data breaches Ransomware Personal data Government

The Week in Cyber Security and Data Privacy: 8 – 14 January 2024

IT Governance

JANUARY 16, 2024

Police confiscated 11 mobile phones, 7 flash drives, 5 laptops, 4 SD cards, 3 Wi-Fi routers, 2 hard drives, a desktop and a modem, as well as several financial documents containing personal and bank account information belonging to other people.

Data Privacy

Data Privacy Privacy Manufacturing Retail

The Hacker Mind Podcast: Going Passwordless

ForAllSecure

JANUARY 19, 2022

And I think that probably the one which most people resonate with is this physical document, which again, has some attributes and fields, some pieces of information in there, which somehow represents this physical person to somebody else. Well, actually, well, if you encrypt the password, it can be decrypted. It's documented.

Passwords

Passwords Authentication Access Data breaches

An Approach to Cybersecurity Risk Oversight for Corporate Directors

Data Matters

APRIL 23, 2018

Encrypting critical data assets. On February 21, 2018, the SEC issued an additional cybersecurity disclosure guidance document to assist public companies in drafting their cybersecurity disclosures in their SEC filings. Encrypting Critical Data Assets. Creating an enterprise-wide governance structure.

Cybersecurity

Cybersecurity Risk Passwords Authentication

Zero Trust: Can It Be Implemented Outside the Cloud?

eSecurity Planet

MAY 11, 2023

We’ll go over them briefly here but the details can be found on page 16 of the document. All data sources and computing services are considered resources. Below is a picture of the NIST stack from DoD: The DoD document is very good, as it defines specific requirements and implementation. The document can be found here.

Cloud

Cloud IT Insurance Authentication

Security Affairs newsletter Round 446 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

NOVEMBER 19, 2023

Israeli man sentenced to 80 months in prison for providing hacker-for-hire services Russian APT Gamaredon uses USB worm LitterDrifter against Ukraine The board of directors of OpenAI fired Sam Altman Medusa ransomware gang claims the hack of Toyota Financial Services CISA adds Sophos Web Appliance bug to its Known Exploited Vulnerabilities catalog (..)

Security

Security Data breaches Ransomware Financial Services

Episode 222: US Rep. Himes on Congress’s About-face on Cybersecurity

The Security Ledger

AUGUST 12, 2021

Between 1998 and today there have been countless hearings on cyber risks and countless reports documenting the federal government’s ineptitude on matters of information security. Capitol Hill’s Long Learning Curve. There have been even more head slapping pronouncements of lawmakers utter cluelessness when it comes to matters of technology.

Cybersecurity

Cybersecurity Financial Services Risk Government

NYDFS releases major update to Part 500 cybersecurity requirements for financial services companies

LockFile Ransomware uses a new intermittent encryption technique

Webinars

Trending Sources

Historic Charges: First Enforcement Action Filed by New York Department of Financial Services Under Cybersecurity Regulation

Webinars

Choosing to Store, Scan, or Shred Your Documents: A Comprehensive Guide

GUEST ESSAY: 7 tips for protecting investor data when it comes to alternative asset trading

$8 million penalty to NYDFS – and another case of over-retention

The Clock is Ticking for PCI DSS 4.0 Compliance

BlackCocaine Ransomware, a new malware in the threat landscape

API Security in 2024: Imperva Report Uncovers Rising Threats and the Urgent Need for Action

MITRE ResilienCyCon: You Will Be Breached So Be Ready

Ransomware at IT Services Provider Synoptek

Morgan Stanley discloses data breach after the hack of a third-party vendor

Mysterious custom malware used to steal 1.2TB of data from million PCs

What is Cybersecurity Risk Management?

Security Compliance & Data Privacy Regulations

Maze ransomware gang discloses data from drug testing firm HMR

NYDFS Files First Cybersecurity Enforcement Action

2024 Tech and Cybersecurity Forecast: Navigating New Frontiers in Business

Marriott Breach: More than 500 Million Guest Affected

Top 12 Cloud Security Best Practices for 2021

Ransomware Protection in 2021

DOL Puts Plan Sponsors and Other Fiduciaries on Notice: ERISA Requires Appropriate Precautions to Mitigate Cybersecurity Threats

SEC Releases Observations from Recent Cybersecurity Examinations of Broker-Dealers and Advisers

How ATB Financial drives agile data ops with Collibra and GCP

Understanding Blockchain and its Impact on Legal Technology, Part Two

Proposed Amendments to NY Financial Services Cybersecurity Regulations Impose New Obligations on Large Entities, Boards of Directors and CISOs

50 Ways to Avoid Getting Scammed on Black Friday

New York’s Breach Law Amendments and New Security Requirements

Top GRC Tools & Software for 2021

Top 10 Governance, Risk and Compliance (GRC) Vendors

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

What Are Firewall Rules? Ultimate Guide & Best Practices

FTC Seeks Comment on Proposed Changes to GLBA Implementing Rules

UNRAVELING EternalBlue: inside the WannaCry’s enabler

The Hacker Mind Podcast: Hacking APIs

The Hacker Mind Podcast: Hacking APIs

Rock the Blockchain: Thales and DigiCert Secure the Data

List of data breaches and cyber attacks in July 2019 – 2.2 billion records leaked

The Week in Cyber Security and Data Privacy: 8 – 14 January 2024

The Hacker Mind Podcast: Going Passwordless

An Approach to Cybersecurity Risk Oversight for Corporate Directors

Zero Trust: Can It Be Implemented Outside the Cloud?

Security Affairs newsletter Round 446 by Pierluigi Paganini – INTERNATIONAL EDITION

Episode 222: US Rep. Himes on Congress’s About-face on Cybersecurity

Stay Connected