Data Protection Report

NOVEMBER 1, 2023

Under the Federal Trade Commission’s (“FTC”) new amendment to the Safeguards Rule (the “Amended Rule”), non-banking financial institutions will have to report certain data breaches and other security events to the agency. The FTC will publish information from the notification event report on a publicly available database.

Encryption 58

Encryption Cybersecurity Data breaches Financial Services 58

IBM Big Data Hub

FEBRUARY 5, 2024

The Digital Operational Resilience Act (DORA) marks a significant milestone in the European Union’s (EU) efforts to bolster the operational resilience of the financial sector in the digital age. Furthermore, the RTS Article 6 highlights the necessity for all networked traffic, both internal and external, to be encrypted.

Encryption 74

Encryption Data Privacy Compliance Cloud 74

Data Protection Report

NOVEMBER 2, 2023

On November 1, 2023, the New York Department of Financial Services (NYDFS) finalized the second amendment to its cybersecurity regulations, which are available here. NYDFS retained the broader term “cybersecurity event” that it uses in several sections of the regulation, but, with respect to notifications to NYDFS (§ 500.17(a)),

Cybersecurity 105

Cybersecurity Compliance Financial Services Government 105

IBM Big Data Hub

AUGUST 1, 2023

We continue to make key updates to our cloud infrastructure to drive progress that has resulted in improvements to cloud stability and resiliency, including an 87% year-over-year reduction in Severity 1 Customer Impacting Events (CIEs) and a 38% decrease in Severity 1 CIE disruption time for the same compared periods in 2022 versus 2021.

Financial Services 68

Financial Services Computer and Electronics Cloud Digital transformation 68

HL Chronicle of Data Protection

FEBRUARY 25, 2020

Companies should take note of two imminent developments in New York in the area of cybersecurity regulation: enforcement of the New York Department of Financial Services (NYDFS) Cybersecurity Regulation (Regulation) and the effective date of the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act or Act).

Cybersecurity 104

Cybersecurity Financial Services Data breaches Insurance 104

IBM Big Data Hub

NOVEMBER 29, 2023

Financial Services clients are increasingly looking to modernize their applications. Moreover, many of these financial services applications support regulated workloads, which require strict levels of security and compliance, including Zero Trust protection of the workloads.

Cloud 100

Cloud Financial Services Security Compliance 100

Thales Cloud Protection & Licensing

NOVEMBER 27, 2018

The cybersecurity regulation ( 23 NYCRR 500 ) adopted by the New York State Department of Financial Services (NYDFS) is nearly two years old. Leading up to that date, companies have had to meet several milestones including hiring a CISO, encrypting all its non-public consumer data and enabling multi-factor authentication.

Cybersecurity 71

Cybersecurity Financial Services Encryption Data Privacy 71

eSecurity Planet

JUNE 16, 2022

Cyber criminals may damage, destroy, steal, encrypt, expose, or leak data as well as cause harm to a system. Encrypted threats spiked 167%, ransomware increased 105%, and 5.4 In May, cybersecurity researchers revealed that ransomware attacks are increasing their aggressive approach by destroying data instead of encrypting it.

Ransomware 138

Ransomware Cybersecurity Phishing Encryption 138

The Last Watchdog

AUGUST 15, 2018

In a move to blanket the Internet with encrypted website traffic, Google is moving forward with its insistence that straggling website publishers adopt HTTPS Secure Sockets Layer (SSL). It’s true that most financial services and big-name shopping websites have long ago moved to HTTPS. Related: How PKI can secure IoT.

Security 152

Security Encryption Authentication Financial Services 152

HL Chronicle of Data Protection

OCTOBER 4, 2018

Encryption of Non-public Information (Section 500.15). Encryption of Nonpublic Information (Section 500.15). Covered Entities must implement controls, including encryption, to protect nonpublic information held or transmitted by the Covered Entity both in transit over external networks and at rest.

Cybersecurity 65

Cybersecurity Encryption Financial Services Compliance 65

Adam Levin

NOVEMBER 30, 2018

“The company recently discovered that an unauthorized party had copied and encrypted information, and took steps towards removing it,” Marriott disclosed in a statement. The vulnerability that the hackers took advantage of had been in place and used for “unauthorized access,” according to the company statement, since 2014.

Financial Services 66

Financial Services Encryption Passwords Communications 66

Data Protection Report

JANUARY 7, 2019

The two-year transitional period under the New York State Department of Financial Services (“DFS””) Cybersecurity Regulation , 23 NYCRR 500 (the “Regulation”), will expire on March 1, 2019, with the final remaining requirement becoming effective. Upcoming certifications.

Cybersecurity 40

Cybersecurity Financial Services Compliance Risk 40

Hunton Privacy

SEPTEMBER 30, 2015

In the near future, blockchain may become the new architecture of a reinvented global financial services infrastructure. In the event of an actual attack, blockchain’s virtues, such as decentralization and immutability, would instantly become vices, as the malware would spread far and wide and the pollution would not be easily erased.

Blockchain 49

Blockchain Cybersecurity Financial Services Encryption 49

HL Chronicle of Data Protection

OCTOBER 4, 2018

Encryption of Non-public Information (Section 500.15). Encryption of Nonpublic Information (Section 500.15). Covered Entities must implement controls, including encryption, to protect nonpublic information held or transmitted by the Covered Entity both in transit over external networks and at rest.

Cybersecurity 40

Cybersecurity Encryption Financial Services Compliance 40

HL Chronicle of Data Protection

OCTOBER 4, 2018

Encryption of Non-public Information (Section 500.15). Encryption of Nonpublic Information (Section 500.15). Covered Entities must implement controls, including encryption, to protect nonpublic information held or transmitted by the Covered Entity both in transit over external networks and at rest.

Cybersecurity 40

Cybersecurity Encryption Financial Services Compliance 40

Hunton Privacy

APRIL 27, 2017

Earlier this month, the New York State Department of Financial Services (“NYDFS”) recently published FAQs and key dates for its cybersecurity regulation (the “NYDFS Regulation”) for financial institutions that became effective on March 1, 2017. September 3, 2018 – the eighteen month transitional period ends.

Cybersecurity 53

Cybersecurity Compliance Financial Services Insurance 53

CGI

DECEMBER 18, 2018

Sibos is one of the biggest banking industry events and is run in a different location every year allowing the great and the good of the financial services world to get away from the office for a week and spend some time seeing what else is going on in the market. as part of the launch of the Trade Information Network.

Financial Services 40

Financial Services Encryption Marketing GDPR 40

eSecurity Planet

FEBRUARY 16, 2021

All of your files are encrypted with RSA-2048 and AES-128 ciphers.” ” Or you might see a readme.txt stating, “Your files have been replaced by these encrypted containers and aren’t accessible; you will lose your files on [enter date] unless you pay $2500 in Bitcoin.” IMPORTANT INFORMATION !!!

Ransomware 97

Ransomware Encryption Insurance Cloud 97

Data Matters

MARCH 12, 2019

Of particular note, the Safeguards Rule NPRM proposes to align the FTC’s requirements with those of the New York Department of Financial Services (“NYDFS”), as found in its cybersecurity regulations, and the National Association of Insurance Commissioners (“NAIC”), as found in its insurance data security model law.

Privacy 68

Privacy IT Information Security Insurance 68

Thales Cloud Protection & Licensing

DECEMBER 4, 2019

While this event is still considered one of the most grandiose thefts, financial institutions today collectively face digital attacks that easily rival it. Theft and other data security incidents cost financial institutions millions of dollars and result in more consumer records being lost or stolen, year after year.

Financial Services 22

Financial Services Encryption Cloud Digital transformation 22

Security Affairs

MARCH 29, 2022

Earmarked by the FBI as a particular threat to the financial service industry just over a year ago, the increase of internet traffic, data breaches and API usage all contribute to the perfect conditions for successful credential stuffing attacks. In that event, you should probably also change your password. Fingerprint device.

IT 72

IT Passwords Authentication Data Privacy 72

eSecurity Planet

JANUARY 11, 2022

Deduce offers actionable identity intelligence through event-level telemetry to act against abnormal user activity. GitGuardian is a developer favorite offering a secrets detection solution that scans source code to detect certificates, passwords, API keys, encryption keys, and more. Ubiq Security. Cape Privacy.

Cybersecurity 142

Cybersecurity Cloud Compliance Analytics 142

HL Chronicle of Data Protection

MAY 13, 2019

For example, the New York Department of Financial Services (‘NYDFS’) in March 2017 issued its Cybersecurity Regulation (23 NYCRR 500) (‘the NYDFS Cybersecurity Regulation’), a groundbreaking and far-reaching regulatory regime focused on financial institutions licensed in New York, including insurance companies.

Insurance 40

Insurance Cybersecurity Data breaches Financial Services 40

eSecurity Planet

MARCH 26, 2021

While ransomware attacks have become a ubiquitous event these days, what makes this attack distinctive is the ransom demand itself. . approach in that the attackers copy and exfiltrate a company’s data just prior to encrypting it. The Biggest Ransomware Demand in History. REvil uses the Ransomware 2.0 According to their data, the U.S.

Ransomware 57

Ransomware Authentication Financial Services Military 57

Hunton Privacy

FEBRUARY 25, 2021

As reported on the Hunton Insurance Recovery blog , on February 4, 2021, the New York Department of Financial Services (“NYDFS”), which regulates the business of insurance in New York, has issued guidelines, in the Insurance Circular Letter No.

Insurance 70

Insurance Cybersecurity Risk Education 70

Thales Cloud Protection & Licensing

JULY 24, 2018

The 57 percent rate statistic is the highest of all verticals we measured in this year’s report (others include the healthcare industry, the retail industry, and the financial services industry) or any region surveyed. Forty-eight percent used more than 100 Software-as-a-Service (SaaS) applications.

Encryption 48

Encryption Cloud Data breaches Government 48

eSecurity Planet

AUGUST 13, 2021

Since the inception of data forensics almost forty years ago, methods for investigating security events have given way to a market of vendors and tools offering digital forensics software (DFS). While Cellebrite offers a range of DFIR tools, the Cellebrite UFED is known as one of the best commercial tools for digital device forensics.

e-Discovery 135

e-Discovery Computer and Electronics Marketing Compliance 135

eSecurity Planet

MAY 27, 2021

Security information and event management SIEM Splunk IBM. Larger organizations most targeted by advanced persistent threats (APTs) like enterprises and government agencies, financial services, energy, and telecommunications make up Kaspersky EDR’s clientele. Security information and event management (SIEM): Splunk.

Security 87

Security Cloud Analytics Access 87

HL Chronicle of Data Protection

MARCH 14, 2019

The plan must enable FIs to promptly respond to and recover from security events affecting customer information. It must also address the goals of the plan, internal processes for responding to a security event, and documentation and reporting regarding security events and related incident response activities.

Privacy 40

Privacy Risk Cybersecurity Information Security 40

ARMA International

AUGUST 2, 2019

The details of the event are evolving, but Capital One issued a statement of its understanding so far. Though Capital One reports that it encrypts its data as a standard practice, the data was de-encrypted during the breach. See [link]. Overview and Frequently Asked Questions.) and 6 million Canadian individuals.

Cloud 41

Cloud Data breaches Encryption Access 41

DLA Piper Privacy Matters

JULY 30, 2019

Some states – such as Alabama, Massachusetts and New York (for financial services companies) – prescribe particular requirements of a “reasonable” cybersecurity program. At least nine states expressly extend these requirements to service providers.

Data breaches 45

Data breaches Cybersecurity Financial Services Risk 45

DLA Piper Privacy Matters

AUGUST 23, 2021

The PIPL includes a specific obligation on data controllers to adopt corresponding encryption or deidentification technologies, and to adopt access controls and training. Immediate remedial action must be taken in the event of any suspected or actual data disclosure, loss or tampering. This aligns with the new Data Security Law.

Data Privacy 111

Data Privacy Privacy Compliance Analytics 111

ForAllSecure

AUGUST 2, 2022

Vamosi: DEF CON turns 30 This year what began simply as a going away party for a coworker has since evolved over the decades into an annual summer tradition for InfoSec leaders in Las Vegas, which now includes other events such as besides Las Vegas, Diana is known as hackers summer camp. DEF CON 18: I'm Robert Vamosi. is or what it controls.

Computer and Electronics 40

Computer and Electronics IT Security Mining 40

ForAllSecure

JANUARY 19, 2022

Moffatt: I think tokens are typically what I guess happens once somebody has authenticated so once the authentication event is taking place, and you've identified it, yeah, this is some Simon coming back. So the tokens are very important and they are really sort of an output of the sort of authentication event.

Passwords 52

Passwords Authentication Access Data breaches 52

ForAllSecure

MAY 4, 2021

In a moment we'll hear about a cool new framework that MITRE developed it attempts to map potential threats by looking at past events and catalogs, all known tactics and techniques used by criminal hackers. Vamosi: ATT&CK also allows you to move to the next level to get ahead of the adversary ATT & CK based on past events.

Government 52

Government IT Access Analytics 52

ForAllSecure

MAY 4, 2021

In a moment we'll hear about a cool new framework that MITRE developed it attempts to map potential threats by looking at past events and catalogs, all known tactics and techniques used by criminal hackers. Vamosi: ATT&CK also allows you to move to the next level to get ahead of the adversary ATT & CK based on past events.

Government 52

Government IT Access Analytics 52

ForAllSecure

APRIL 19, 2023

Somebody's trying to say encrypt the whole database or exfiltrate the whole database. VAMOSI: Michael mentioned financial services. The next generation of catastrophic hospital events is going to be when the medical technology systems, blood analyzers and the pharmacy system and other monitoring systems are attacked.

Analytics 40

Analytics Communications Computer and Electronics Cybersecurity 40