Encryption, Events, Financial Services and Security

NYDFS releases major update to Part 500 cybersecurity requirements for financial services companies

Data Protection Report

NOVEMBER 8, 2023

On November 1, 2023, the New York Department of Financial Services (“NYDFS”) released the finalized amendments of Part 500 of its cybersecurity regulations. This notice requirement explicitly applies to cybersecurity incidents occurring to the covered entity itself, its affiliates, or a third-party service provider.

Financial Services

Financial Services Cybersecurity Compliance Government

Historic Charges: First Enforcement Action Filed by New York Department of Financial Services Under Cybersecurity Regulation

Data Matters

AUGUST 19, 2020

On July 21, 2020, the New York State Department of Financial Services (NYDFS or the Department) issued a statement of charges and notice of hearing (the Statement) against First American Title Insurance Company (First American) for violations of the Department’s Cybersecurity Requirements for Financial Services Companies, 23 N.Y.C.R.R.

Financial Services

Financial Services Cybersecurity Insurance Risk

Black Friday and Cyber Weekend: Navigating the Tumultuous Waters of Retail Cybersecurity

Thales Cloud Protection & Licensing

NOVEMBER 20, 2023

It becomes, therefore, essential for retailers to consider the fresh insights provided by the Thales 2023 Data Threat Report – Financial Services Edition. An astounding 79% of respondents in the financial sector identified it as a significant security threat, with 30% ranking it as their foremost concern.

Retail

Retail Cybersecurity Financial Services Encryption

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

An introduction to Wazi as a Service

IBM Big Data Hub

NOVEMBER 14, 2023

.” This cloud-native development and testing environment for z/OS applications is revolutionizing the modernization process by enabling secure DevSecOps practices. The platform can be automated through a standardized framework validated for Financial Services, leveraging the IBM Cloud Security and Compliance Center service (SCC).

Financial Services

Financial Services Cloud Compliance Digital transformation

NYDFS Imposes Fine of $5 Million on Carnival for Cybersecurity Breaches

Hunton Privacy

JULY 1, 2022

On June 24, 2022, the New York State Department of Financial Services (“NYDFS” or the “Department”) announced it had entered into a $5 million settlement with Carnival Corp. Since Carnival was licensed by the Department to sell insurance in NY State, it was treated as a covered entity under the Cybersecurity Regulation.

Cybersecurity

Cybersecurity Insurance Phishing Financial Services

FTC amendment to Safeguards Rule

Data Protection Report

NOVEMBER 1, 2023

Under the Federal Trade Commission’s (“FTC”) new amendment to the Safeguards Rule (the “Amended Rule”), non-banking financial institutions will have to report certain data breaches and other security events to the agency. The FTC will publish information from the notification event report on a publicly available database.

Encryption

Encryption Cybersecurity Data breaches Financial Services

Navigating the digital wave: Understanding DORA and the role of confidential computing

IBM Big Data Hub

FEBRUARY 5, 2024

The Digital Operational Resilience Act (DORA) marks a significant milestone in the European Union’s (EU) efforts to bolster the operational resilience of the financial sector in the digital age. Furthermore, the RTS Article 6 highlights the necessity for all networked traffic, both internal and external, to be encrypted.

Encryption

Encryption Data Privacy Compliance Cloud

Q&A: Here’s how Google’s labeling HTTP websites “Not Secure” will strengthen the Internet

The Last Watchdog

AUGUST 15, 2018

In a move to blanket the Internet with encrypted website traffic, Google is moving forward with its insistence that straggling website publishers adopt HTTPS Secure Sockets Layer (SSL). Related: How PKI can secure IoT. It’s true that most financial services and big-name shopping websites have long ago moved to HTTPS.

Security

Security Encryption Authentication Financial Services

5 things to know: IBM Cloud’s mission to accelerate innovation for clients

IBM Big Data Hub

AUGUST 1, 2023

We are bringing the power of foundation models with the availability of a GPU as a service on IBM Cloud offering to help organizations tap into artificial intelligence (AI) in a secured environment while aiming to mitigate third- and fourth-party risk.

Financial Services

Financial Services Computer and Electronics Cloud Digital transformation

New York State Expected to Increase Enforcement of Cybersecurity Practices

HL Chronicle of Data Protection

FEBRUARY 25, 2020

Companies should take note of two imminent developments in New York in the area of cybersecurity regulation: enforcement of the New York Department of Financial Services (NYDFS) Cybersecurity Regulation (Regulation) and the effective date of the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act or Act).

Cybersecurity

Cybersecurity Financial Services Data breaches Insurance

What is a Cyberattack? Types and Defenses

eSecurity Planet

JUNE 16, 2022

Cyber criminals may damage, destroy, steal, encrypt, expose, or leak data as well as cause harm to a system. Encrypted threats spiked 167%, ransomware increased 105%, and 5.4 Also read: The Best Wi-Fi 6 Routers Secure and Fast Enough for Business. Also read: Best Antivirus Software of 2022. Cyberattack Statistics. Ransomware.

Ransomware

Ransomware Cybersecurity Phishing Encryption

NYDFS Cybersecurity Regulations: A glimpse into the future

Thales Cloud Protection & Licensing

NOVEMBER 27, 2018

The cybersecurity regulation ( 23 NYCRR 500 ) adopted by the New York State Department of Financial Services (NYDFS) is nearly two years old. Leading up to that date, companies have had to meet several milestones including hiring a CISO, encrypting all its non-public consumer data and enabling multi-factor authentication.

Cybersecurity

Cybersecurity Financial Services Encryption Data Privacy

New Obligations Under the NYDFS Cybersecurity Regulation Came Online in September

HL Chronicle of Data Protection

OCTOBER 4, 2018

As of Tuesday, September 4, 2018, covered entities are required to be in compliance with additional requirements relating to: Audit Trail (Section 500.06); Application Security (Section 500.08); Limitations on Data Retention (Section 500.13); Monitoring of Authorized Users (Section 500.14(a)); Application Security (Section 500.08).

Cybersecurity

Cybersecurity Encryption Financial Services Compliance

Marriott Breach: More than 500 Million Guest Affected

Adam Levin

NOVEMBER 30, 2018

“The company recently discovered that an unauthorized party had copied and encrypted information, and took steps towards removing it,” Marriott disclosed in a statement. The vulnerability that the hackers took advantage of had been in place and used for “unauthorized access,” according to the company statement, since 2014.

Financial Services

Financial Services Encryption Passwords Communications

New Obligations Under the NYDFS Cybersecurity Regulation Came Online in September

HL Chronicle of Data Protection

OCTOBER 4, 2018

As of Tuesday, September 4, 2018, covered entities are required to be in compliance with additional requirements relating to: Audit Trail (Section 500.06); Application Security (Section 500.08); Limitations on Data Retention (Section 500.13); Monitoring of Authorized Users (Section 500.14(a)); Application Security (Section 500.08).

Cybersecurity

Cybersecurity Encryption Financial Services Compliance

New Obligations Under the NYDFS Cybersecurity Regulation Came Online in September

HL Chronicle of Data Protection

OCTOBER 4, 2018

As of Tuesday, September 4, 2018, covered entities are required to be in compliance with additional requirements relating to: Audit Trail (Section 500.06); Application Security (Section 500.08); Limitations on Data Retention (Section 500.13); Monitoring of Authorized Users (Section 500.14(a)); Application Security (Section 500.08).

Cybersecurity

Cybersecurity Encryption Financial Services Compliance

Transition period under New York Cybersecurity Regulation ends March 1, 2019

Data Protection Report

JANUARY 7, 2019

The two-year transitional period under the New York State Department of Financial Services (“DFS””) Cybersecurity Regulation , 23 NYCRR 500 (the “Regulation”), will expire on March 1, 2019, with the final remaining requirement becoming effective. Third-party service provider risk management program. Upcoming certifications.

Cybersecurity

Cybersecurity Compliance Financial Services Risk

Blockchain, Cybersecurity and Global Finance

Hunton Privacy

SEPTEMBER 30, 2015

In the near future, blockchain may become the new architecture of a reinvented global financial services infrastructure. In the event of an actual attack, blockchain’s virtues, such as decentralization and immutability, would instantly become vices, as the malware would spread far and wide and the pollution would not be easily erased.

Blockchain

Blockchain Cybersecurity Financial Services Encryption

Ransomware Protection in 2021

eSecurity Planet

FEBRUARY 16, 2021

The internet is fraught with peril these days, but nothing strikes more fear into users and IT security pros than the threat of ransomware. All of your files are encrypted with RSA-2048 and AES-128 ciphers.” Attackers will inform the victim that their data is encrypted. IMPORTANT INFORMATION !!! Screenshot example.

Ransomware

Ransomware Encryption Insurance Cloud

FTC Seeks Comment on Proposed Changes to its GLBA Safeguards and Privacy Rules

Data Matters

MARCH 12, 2019

Over the last few years, States have enacted increasingly aggressive legislation concerning data privacy and security, raising concerns that companies will be subject to a patchwork of different standards. Aligning the Safeguards Rule with State Regimes.

Privacy

Privacy IT Information Security Insurance

Network Encryption Keeps Our Data in Motion Secure for Business Services

Thales Cloud Protection & Licensing

JULY 24, 2023

Network Encryption Keeps Our Data in Motion Secure for Business Services madhav Tue, 07/25/2023 - 04:59 The demand for high-speed networks and fast data transfers is increasing due to cloud adoption, digital transformation, and hybrid work. Why do you need network encryption in business services?

Business Services

Business Services Encryption Manufacturing Security

What is credential stuffing? And how to prevent it?

Security Affairs

MARCH 29, 2022

Earmarked by the FBI as a particular threat to the financial service industry just over a year ago, the increase of internet traffic, data breaches and API usage all contribute to the perfect conditions for successful credential stuffing attacks. Salt Security says in their recommendations for how to defend against credential stuffing.

IT

IT Passwords Authentication Data Privacy

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

HL Chronicle of Data Protection

MAY 13, 2019

Of particular concern to state-level policymakers and enforcement authorities are business practices that in their view may contribute to security incidents. The insurance industry has not been immune from such scrutiny, and the imposition of business practice requirements intended to enhance cybersecurity sector-wide.

Insurance

Insurance Cybersecurity Data breaches Financial Services

Turning Aspiration into Action to Protect Financial Institutions

Thales Cloud Protection & Licensing

DECEMBER 4, 2019

While this event is still considered one of the most grandiose thefts, financial institutions today collectively face digital attacks that easily rival it. Theft and other data security incidents cost financial institutions millions of dollars and result in more consumer records being lost or stolen, year after year.

Financial Services

Financial Services Encryption Cloud Digital transformation

Federal Agency Data is Under Siege

Thales Cloud Protection & Licensing

JULY 24, 2018

With more than 65,000 employees in 56 countries, Thales is a global leader in technology solutions for the aerospace, transport, defence and security markets. Its unique capabilities include the design and deployment of equipment, systems and services to meet complex security requirements. But, that’s not the whole story.

Encryption

Encryption Cloud Data breaches Government

Proposed Amendments to NY Financial Services Cybersecurity Regulations Impose New Obligations on Large Entities, Boards of Directors and CISOs

Hunton Privacy

AUGUST 15, 2022

On July 29, 2022, the New York Department of Financial Services (“NYDFS”) posted proposed amendments (“Proposed Amendments”) to its Cybersecurity Requirements for Financial Services Companies (“Cybersecurity Regulations”). As part of the “training and monitoring” requirements under Section 500.14 Additional Requirements.

Financial Services

Financial Services Cybersecurity Risk Passwords

New York Regulators Call on Insurers to Strengthen the Cyber Underwriting Process

Hunton Privacy

FEBRUARY 25, 2021

As reported on the Hunton Insurance Recovery blog , on February 4, 2021, the New York Department of Financial Services (“NYDFS”), which regulates the business of insurance in New York, has issued guidelines, in the Insurance Circular Letter No.

Insurance

Insurance Cybersecurity Risk Education

FTC Seeks Comment on Proposed Changes to GLBA Implementing Rules

HL Chronicle of Data Protection

MARCH 14, 2019

The proposed changes to the Safeguards Rule add a number of more detailed security requirements, whereas the proposed changes to the Privacy Rule are more focused on technical changes to align the Rule with changes in law over the past decade. It includes general, high level elements of a security program, but lacks detailed security steps.

Privacy

Privacy Risk Cybersecurity Information Security

Sorting Through the Whirlwind of News on the Proposed Equifax Settlement and Capital One Breach

ARMA International

AUGUST 2, 2019

According to the FTC’s press release, the data breach included “names and dates of birth, Social Security numbers, physical addresses, and other personal information that could lead to identity theft and fraud.” (See To that end, the settlement also requires Equifax to “implement a comprehensive information security program.”

Cloud

Cloud Data breaches Encryption Access

China’s PIPL has finally arrived, and brings helpful clarification (rather than substantial change) to China’s data privacy framework

DLA Piper Privacy Matters

AUGUST 23, 2021

The PIPL also anticipates that a new publicly-available entity list may be published, listings foreign organisations to whom local China organisations may not transfer personal information, where such transfer may harm national security or public interest. This aligns with a similar provision in the new Data Security Law.

Data Privacy

Data Privacy Privacy Compliance Analytics

US: Surviving the service provider data breach

DLA Piper Privacy Matters

JULY 30, 2019

Effective cybersecurity requires organizations to move beyond perimeter defense of their own network to protecting sensitive data in the hands of service providers. From a security and legal perspective, service provider cybersecurity requires significant attention and coordination by all parties both before and after hitting the breach.

Data breaches

Data breaches Cybersecurity Financial Services Risk

Best practices for hybrid cloud banking applications secure and compliant deployment across IBM Cloud and Satellite

IBM Big Data Hub

NOVEMBER 29, 2023

Financial Services clients are increasingly looking to modernize their applications. Moreover, many of these financial services applications support regulated workloads, which require strict levels of security and compliance, including Zero Trust protection of the workloads.

Cloud

Cloud Financial Services Security Compliance

The Hacker Mind Podcast: Going Passwordless

ForAllSecure

JANUARY 19, 2022

Is there something more secure? Simon Moffatt from CyberHut joins The Hacker Mind to discuss how identity and access management (IAM) is fundamental to everything we do online today, and why even multi-factor access, while an improvement, needs to yield to more effortless and more secure passwordless technology that’s coming soon.

Passwords

Passwords Authentication Access Data breaches

Sibos 2018 – a whirlwind tour of my week down under

CGI

DECEMBER 18, 2018

Sibos is one of the biggest banking industry events and is run in a different location every year allowing the great and the good of the financial services world to get away from the office for a week and spend some time seeing what else is going on in the market. as part of the launch of the Trade Information Network.

Financial Services

Financial Services Encryption Marketing GDPR

The Hacker Mind Podcast: DEF CON Villages

ForAllSecure

AUGUST 2, 2022

Vamosi: DEF CON turns 30 This year what began simply as a going away party for a coworker has since evolved over the decades into an annual summer tradition for InfoSec leaders in Las Vegas, which now includes other events such as besides Las Vegas, Diana is known as hackers summer camp. DEF CON 18: I'm Robert Vamosi. I'm Robert Vamosi.

Computer and Electronics

Computer and Electronics IT Security Mining

The Microsoft Exchange Attack Saga Continues

eSecurity Planet

MARCH 26, 2021

While ransomware attacks have become a ubiquitous event these days, what makes this attack distinctive is the ransom demand itself. . approach in that the attackers copy and exfiltrate a company’s data just prior to encrypting it. It is important to note that the simplified tool is not a replacement for the security updates.

Ransomware

Ransomware Authentication Financial Services Military

Best Digital Forensics Tools & Software for 2021

eSecurity Planet

AUGUST 13, 2021

Since the inception of data forensics almost forty years ago, methods for investigating security events have given way to a market of vendors and tools offering digital forensics software (DFS). Under their Security Suite products, OpenText provides industry-renowned EnCase. Paraben Corporation.

e-Discovery

e-Discovery Computer and Electronics Marketing Compliance

Best Network Security Tools 2021

eSecurity Planet

MAY 27, 2021

With almost every aspect of business becoming more digital, enterprise network security software minimizes the impact of cyberattacks — especially as guarding against them protects a company’s operations and safeguards its competitiveness in a fast-moving marketplace. Top network security tools. Network Security Product.

Security

Security Cloud Analytics Access

The Hacker Mind Podcast: EP 69 Self-Healing Operating Systems

ForAllSecure

APRIL 19, 2023

CODEN: Basically, the fundamental issue is look at that early Unix and Linux operating systems that were providing these very basic services that are still the the only things we really need from the operating system today. All kinds of security protections, different things. I was the head of the cybersecurity practice.

Analytics

Analytics Communications Computer and Electronics Cybersecurity

Top Cybersecurity Startups to Watch in 2022

eSecurity Planet

JANUARY 11, 2022

Information security products , services, and professionals have never been in higher demand, making for a world of opportunities for cybersecurity startups. With evolving attack methodologies due to machine learning, quantum computing, and sophisticated nation-state hackers, security startups are receiving record funding.

Cybersecurity

Cybersecurity Cloud Compliance Analytics

The Hacker Mind: MITRE ATT&CK Evaluations

ForAllSecure

MAY 4, 2021

In this episode, Frank Duff, Director of ATT&CK Evaluations for MITRE Engenuity, talks about how both red and blue teams can directly benefit from ATT&CK, and how organizations -- and even some security vendors -- are now evaluating their solutions against it. government agencies. government agencies. Yeah, great but what does it do?

Government

Government IT Access Analytics

The Hacker Mind: MITRE ATT&CK Evaluations

ForAllSecure

MAY 4, 2021

In this episode, Frank Duff, Director of ATT&CK Evaluations for MITRE Engenuity, talks about how both red and blue teams can directly benefit from ATT&CK, and how organizations -- and even some security vendors -- are now evaluating their solutions against it. government agencies. government agencies. Yeah, great but what does it do?

Government

Government IT Access Analytics

NYDFS releases major update to Part 500 cybersecurity requirements for financial services companies

Historic Charges: First Enforcement Action Filed by New York Department of Financial Services Under Cybersecurity Regulation

Webinars

Trending Sources

Black Friday and Cyber Weekend: Navigating the Tumultuous Waters of Retail Cybersecurity

Webinars

An introduction to Wazi as a Service

NYDFS Imposes Fine of $5 Million on Carnival for Cybersecurity Breaches

FTC amendment to Safeguards Rule

Navigating the digital wave: Understanding DORA and the role of confidential computing

Q&A: Here’s how Google’s labeling HTTP websites “Not Secure” will strengthen the Internet

5 things to know: IBM Cloud’s mission to accelerate innovation for clients

New York State Expected to Increase Enforcement of Cybersecurity Practices

What is a Cyberattack? Types and Defenses

NYDFS Cybersecurity Regulations: A glimpse into the future

New Obligations Under the NYDFS Cybersecurity Regulation Came Online in September

Marriott Breach: More than 500 Million Guest Affected

New Obligations Under the NYDFS Cybersecurity Regulation Came Online in September

New Obligations Under the NYDFS Cybersecurity Regulation Came Online in September

Transition period under New York Cybersecurity Regulation ends March 1, 2019

Blockchain, Cybersecurity and Global Finance

Ransomware Protection in 2021

FTC Seeks Comment on Proposed Changes to its GLBA Safeguards and Privacy Rules

Network Encryption Keeps Our Data in Motion Secure for Business Services

What is credential stuffing? And how to prevent it?

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

Turning Aspiration into Action to Protect Financial Institutions

Federal Agency Data is Under Siege

Proposed Amendments to NY Financial Services Cybersecurity Regulations Impose New Obligations on Large Entities, Boards of Directors and CISOs

New York Regulators Call on Insurers to Strengthen the Cyber Underwriting Process

FTC Seeks Comment on Proposed Changes to GLBA Implementing Rules

Sorting Through the Whirlwind of News on the Proposed Equifax Settlement and Capital One Breach

China’s PIPL has finally arrived, and brings helpful clarification (rather than substantial change) to China’s data privacy framework

US: Surviving the service provider data breach

Best practices for hybrid cloud banking applications secure and compliant deployment across IBM Cloud and Satellite

The Hacker Mind Podcast: Going Passwordless

Sibos 2018 – a whirlwind tour of my week down under

The Hacker Mind Podcast: DEF CON Villages

The Microsoft Exchange Attack Saga Continues

Best Digital Forensics Tools & Software for 2021

Best Network Security Tools 2021

The Hacker Mind Podcast: EP 69 Self-Healing Operating Systems

Top Cybersecurity Startups to Watch in 2022

The Hacker Mind: MITRE ATT&CK Evaluations

The Hacker Mind: MITRE ATT&CK Evaluations

Stay Connected