Encryption, Financial Services, Government and Risk

NYDFS releases major update to Part 500 cybersecurity requirements for financial services companies

Data Protection Report

NOVEMBER 8, 2023

On November 1, 2023, the New York Department of Financial Services (“NYDFS”) released the finalized amendments of Part 500 of its cybersecurity regulations. Class A companies are specifically required to: – conduct independent audits of their cybersecurity program based on their risk assessment (500.2(c));

Financial Services

Financial Services Cybersecurity Compliance Government

Financial services continue to lead in cybersecurity preparedness, but chinks appear in the armor

Thales Cloud Protection & Licensing

AUGUST 31, 2022

Financial services continue to lead in cybersecurity preparedness, but chinks appear in the armor. However, all this attention from cyber criminals, as well as regulators and governments, has produced an extremely resilient industry with some of the best cyber security practices of any sector. Thu, 09/01/2022 - 05:15.

Financial Services

Financial Services Cybersecurity Computer and Electronics Cloud

What is Cybersecurity Risk Management?

eSecurity Planet

FEBRUARY 11, 2022

Risk management is a concept that has been around as long as companies have had assets to protect. Risk management also extends to physical devices, such as doors and locks to protect homes and vehicles, vaults to protect money and precious jewels, and police, fire, and CCTV to protect against other physical risks.

Risk

Risk Cybersecurity Encryption Access

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

Historic Charges: First Enforcement Action Filed by New York Department of Financial Services Under Cybersecurity Regulation

Data Matters

AUGUST 19, 2020

On July 21, 2020, the New York State Department of Financial Services (NYDFS or the Department) issued a statement of charges and notice of hearing (the Statement) against First American Title Insurance Company (First American) for violations of the Department’s Cybersecurity Requirements for Financial Services Companies, 23 N.Y.C.R.R.

Financial Services

Financial Services Cybersecurity Insurance Risk

Top 10 Governance, Risk and Compliance (GRC) Vendors

eSecurity Planet

JANUARY 21, 2021

Governance, risk, and compliance (GRC) software helps businesses manage all of the necessary documentation and processes for ensuring maximum productivity and preparedness. It includes multi-disciplinary risk and compliance management solutions and tools, including: IT & security risk management. Audit management.

Compliance

Compliance Risk Government Retail

Putting data storage at the forefront of cloud security

IBM Big Data Hub

NOVEMBER 7, 2023

Recent advances in areas like AI and quantum computing offer transformative potential for businesses, but may also bring new risks and security challenges. IBM Cloud Object Storage is built on the IBM Cloud Framework for Financial Services , which was designed to help clients focus on their security and compliance postures.

Cloud

Cloud Financial Services Security Compliance

$8 million penalty to NYDFS – and another case of over-retention

Data Protection Report

JANUARY 18, 2024

On January 3, 2024, the New York Department of Financial Services announced a consent order with GGT, where GGT agreed to pay NYDFS $8 million and to surrender its BitLicense (for cryptocurrency trading), due to alleged violations of NYDFS’ cybersecurity and its virtual currency regulations.

Cybersecurity

Cybersecurity Financial Services Compliance Encryption

Slack Launched Encryption Key Addon For Businesses

Security Affairs

MARCH 18, 2019

Slack announced today to launch encryption keys that will help businesses to protect their data. Slack announced today to launch encryption keys that will help businesses to protect their data. Slack announced today to launch encryption keys that will help businesses to protect their data. What are the security risks of Slack?

Encryption

Encryption Risk Financial Services Privacy

5 things to know: Driving innovation with AI and hybrid cloud in the year ahead

IBM Big Data Hub

DECEMBER 18, 2023

For organizations of all types—and especially those in highly regulated industries such as financial services, government, healthcare and telco—considerations including the rise of generative AI, evolving regulations and data sovereignty laws and ongoing security challenges must be top of mind.

Cloud

Cloud Financial Services Compliance Digital transformation

Black Friday and Cyber Weekend: Navigating the Tumultuous Waters of Retail Cybersecurity

Thales Cloud Protection & Licensing

NOVEMBER 20, 2023

Black Friday and Cyber Monday, both hailed as the epitome of shopping extravagance, are also synonymous with a heightened risk of cyberattacks on retail platforms. It becomes, therefore, essential for retailers to consider the fresh insights provided by the Thales 2023 Data Threat Report – Financial Services Edition.

Retail

Retail Cybersecurity Financial Services Encryption

IBM Cloud delivers enterprise sovereign cloud capabilities

IBM Big Data Hub

FEBRUARY 22, 2024

IBM’s Enterprise Cloud for Regulated Industries Building on our expertise working with enterprise clients in industries such as financial services, government, healthcare and telco, we saw the need for a cloud platform designed with the unique needs of these heavily regulated industries in mind.

Cloud

Cloud Computer and Electronics Compliance Financial Services

Navigating the digital wave: Understanding DORA and the role of confidential computing

IBM Big Data Hub

FEBRUARY 5, 2024

The Digital Operational Resilience Act (DORA) marks a significant milestone in the European Union’s (EU) efforts to bolster the operational resilience of the financial sector in the digital age. Furthermore, the RTS Article 6 highlights the necessity for all networked traffic, both internal and external, to be encrypted.

Encryption

Encryption Data Privacy Compliance Cloud

Delivering security and scalability in today’s business landscape requires more than setting up a front line of defense

IBM Big Data Hub

DECEMBER 14, 2023

A cybersecurity strategy is not solely about managing risk across a business’ IT infrastructure. IBM is supporting clients across industries in their cybersecurity journey by providing comprehensive security capabilities to help make it easier to simplify their risk management and demonstrate regulatory compliance postures.

Cloud

Cloud Security Data breaches Cybersecurity

Tackling Data Sovereignty with DDR

Security Affairs

JUNE 20, 2023

Data sovereignty also encompasses the rights and regulations governing data storage, processing, and transfer and often intersects with privacy, security, and legal considerations. By recognizing the significance of data sovereignty, businesses can take measures to enhance data security and control, mitigating these risks.

Compliance

Compliance Cybersecurity Risk Encryption

Helping enterprises across regulated industries leverage hybrid cloud and AI

IBM Big Data Hub

MAY 8, 2024

We designed our enterprise cloud platform for even the most highly regulated industries with the unique needs of these heavily regulated sectors, such as financial services , government , healthcare and telco , in mind.

Cloud

Cloud Customer Experience Artificial Intelligence Compliance

Security Compliance & Data Privacy Regulations

eSecurity Planet

AUGUST 9, 2022

See the Top Governance, Risk and Compliance (GRC) Tools. Other industry standards too can have the force of “pseudo-law” – notably, the NIST Cybersecurity Framework, which federal regulators often apply to financial-services firms and government contractors. PIPL Raises the Bar – And the Stakes.

Data Privacy

Data Privacy Compliance Privacy Security

NYDFS finalizes cybersecurity rule amendments

Data Protection Report

NOVEMBER 2, 2023

On November 1, 2023, the New York Department of Financial Services (NYDFS) finalized the second amendment to its cybersecurity regulations, which are available here. a)(2) [automated scans], 500.7, [risk assessment] 500.14(a)(2) a)(2) [risk-based controls] and 500.14(b) d) and 500.22(e)),

Cybersecurity

Cybersecurity Compliance Financial Services Government

MITRE ResilienCyCon: You Will Be Breached So Be Ready

eSecurity Planet

NOVEMBER 17, 2022

Venables spent much of his presentation discussing the many ways Google Cloud reduces concentration risk (see slide below). Also read : Is the Answer to Vulnerabilities Patch Management as a Service? MSSPs Fare Well in First MITRE Evaluations. Backup Is Hard. Really Hard. Prepare Now. The conference — held in McLean, Va.,

Cloud

Cloud Encryption Ransomware Cybersecurity

Security Affairs newsletter Round 450 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

DECEMBER 17, 2023

CISA and ENISA enhance their Cooperation CISA adds Qlik bugs to exploited vulnerabilities catalog Report: 2.6 CISA and ENISA enhance their Cooperation CISA adds Qlik bugs to exploited vulnerabilities catalog Report: 2.6

Security

Security Data breaches Ransomware Artificial Intelligence

Avoslocker ransomware gang targets US critical infrastructure

Security Affairs

MARCH 19, 2022

. “AvosLocker is a Ransomware as a Service (RaaS) affiliate-based group that has targeted victims across multiple critical infrastructure sectors in the United States including, but not limited to, the Financial Services, Critical Manufacturing, and Government Facilities sectors. ransomware and phishing scams).

Ransomware

Ransomware Passwords Encryption Financial Services

Top 12 Cloud Security Best Practices for 2021

eSecurity Planet

SEPTEMBER 10, 2021

Public cloud infrastructure as a service (IaaS) may be less vulnerable than traditional data centers, but that doesn’t mean it’s without its own set of risks. Does the provider encrypt data while in transit and at rest? What is cloud security? What level of technical support is the provider willing to provide?

Cloud

Cloud Security Encryption Risk

GUEST ESSAY: The drivers behind persistent ransomware — and defense tactics to deploy

The Last Watchdog

SEPTEMBER 7, 2022

The technology industry has met the dramatic rise in ransomware and other cyber attacks with an impressive set of tools to help companies mitigate the risks. Healthcare and public health, financial services, and IT organizations are frequent targets, although businesses of all sizes can fall victim to these schemes.

Ransomware

Ransomware Education Phishing Financial Services

Navigating the EU-US Data Protection Framework

Thales Cloud Protection & Licensing

JANUARY 10, 2024

As stated by the International Association of Privacy Professional ( IAPP ) critical sectors such as financial services are therefore conspicuously excluded, leaving organizations without a clear pathway to data protection compliance and potentially exposing them to significant risks.

Data Privacy

Data Privacy Personal data Privacy Cloud

Top GRC Tools & Software for 2021

eSecurity Planet

JANUARY 21, 2021

Governance, risk, and compliance (GRC) software helps businesses manage all of the necessary documentation and processes for ensuring maximum productivity and preparedness. It includes multi-disciplinary risk and compliance management solutions and tools, including: IT & security risk management. Audit management.

Compliance

Compliance Risk Government Retail

CENTRAL BANK DIGITAL CURRENCIES

Thales Cloud Protection & Licensing

FEBRUARY 27, 2023

CBDC Benefits With the introduction of CBDCs there are multiple benefits for Consumers, Government &Central Banks and other Financial institutions. Improved financial inclusion: CBDCs can make it easier for people to access financial services, especially in areas where there is limited access to traditional banking infrastructure.

Financial Services

Financial Services Access Risk Security

What is a Cyberattack? Types and Defenses

eSecurity Planet

JUNE 16, 2022

Cyber criminals may damage, destroy, steal, encrypt, expose, or leak data as well as cause harm to a system. Encrypted threats spiked 167%, ransomware increased 105%, and 5.4 In May, cybersecurity researchers revealed that ransomware attacks are increasing their aggressive approach by destroying data instead of encrypting it.

Ransomware

Ransomware Cybersecurity Phishing Encryption

Maze ransomware gang discloses data from drug testing firm HMR

Security Affairs

APRIL 8, 2020

The attack took place on March 14th, 2020, when the Maze Ransomware operators exfiltrated data from the HMR’s network and then encrypt their systems. The Hammersmith Medicines Research is notifying impacted individuals via email the incident, the hackers stole data then employed ransomware to encrypt its systems.

Ransomware

Ransomware Data breaches Encryption Financial Services

Office of Foreign Assets Control: Making or Facilitating Ransomware Payments May Violate U.S. Sanctions

Data Matters

OCTOBER 8, 2020

Treasury Department’s Office of Foreign Assets Control (OFAC) published an advisory that highlights the risk of potential U.S. government has repeatedly sanctioned cybercriminals for their actions. sanctions law violations if U.S. individuals and businesses comply with ransomware payment demands. Since 2015, the U.S. sanctions).

Ransomware

Ransomware Compliance Risk Government

Confidential Containers with Red Hat OpenShift Container Platform and IBM® Secure Execution for Linux

IBM Big Data Hub

JANUARY 10, 2024

So that records and sensitive medical data are encrypted and processed securely, protecting against data leaks and unauthorized access. Financial services: innovate customer experience while keeping sensitive information secure and stay compliant Financial institutions face constant threats to their critical data and financial transactions.

Security

Security Cloud Data Privacy Financial Services

Ransomware Protection in 2021

eSecurity Planet

FEBRUARY 16, 2021

All of your files are encrypted with RSA-2048 and AES-128 ciphers.” ” Or you might see a readme.txt stating, “Your files have been replaced by these encrypted containers and aren’t accessible; you will lose your files on [enter date] unless you pay $2500 in Bitcoin.” IMPORTANT INFORMATION !!! Description.

Ransomware

Ransomware Encryption Insurance Cloud

New York Regulators Call on Insurers to Strengthen the Cyber Underwriting Process

Hunton Privacy

FEBRUARY 25, 2021

As reported on the Hunton Insurance Recovery blog , on February 4, 2021, the New York Department of Financial Services (“NYDFS”), which regulates the business of insurance in New York, has issued guidelines, in the Insurance Circular Letter No. billion were made under property/casualty policies that were silent about cyber risks.

Insurance

Insurance Cybersecurity Risk Education

Federal Agency Data is Under Siege

Thales Cloud Protection & Licensing

JULY 24, 2018

The 57 percent rate statistic is the highest of all verticals we measured in this year’s report (others include the healthcare industry, the retail industry, and the financial services industry) or any region surveyed. More so than commercial enterprises, government agencies are making a massive shift to the cloud.

Encryption

Encryption Cloud Data breaches Government

SEC Releases Observations from Recent Cybersecurity Examinations of Broker-Dealers and Advisers

Hunton Privacy

FEBRUARY 6, 2015

On February 3, 2015, the Securities and Exchange Commission (“SEC”) released a Risk Alert , entitled Cybersecurity Examination Sweep Summary, summarizing observations from the recent round of cybersecurity examinations of registered broker-dealers and investment advisers under the Cybersecurity Examination Initiative.

Cybersecurity

Cybersecurity Insurance Financial Services Risk

How ATB Financial drives agile data ops with Collibra and GCP

Collibra

MARCH 23, 2021

ATB Financial provides a diversified set of financial services to more than 770,000 residents of Alberta, Canada. Being a regionally focused institution, the group is dedicated to knowing its customers intimately, understanding their needs and providing products and services that help them achieve their goals.

Cloud

Cloud Government Access Metadata

Turning Aspiration into Action to Protect Financial Institutions

Thales Cloud Protection & Licensing

DECEMBER 4, 2019

Data security professionals also make ambitious plans, but implementation rates are too low – a key finding in the 2019 Thales Data Threat Report-Financial Services Edition. Here’s a look at four common issues highlighted in the 2019 Thales Data Threat Report-Financial Services Edition and tips for overcoming them.

Financial Services

Financial Services Encryption Cloud Digital transformation

Proposed Amendments to NY Financial Services Cybersecurity Regulations Impose New Obligations on Large Entities, Boards of Directors and CISOs

Hunton Privacy

AUGUST 15, 2022

On July 29, 2022, the New York Department of Financial Services (“NYDFS”) posted proposed amendments (“Proposed Amendments”) to its Cybersecurity Requirements for Financial Services Companies (“Cybersecurity Regulations”). As part of the “risk assessment” requirements under Section 500.9

Financial Services

Financial Services Cybersecurity Risk Passwords

China’s PIPL has finally arrived, and brings helpful clarification (rather than substantial change) to China’s data privacy framework

DLA Piper Privacy Matters

AUGUST 23, 2021

We have summarised the key compliance obligations under the PIPL below, with new obligations in bold for ease of reference: Relevant Laws/Regulations The PIPL becomes the primary, national-level law governing processing of personal information, but does not replace the existing data privacy framework.

Data Privacy

Data Privacy Privacy Compliance Analytics

US: Coronavirus – Cybersecurity considerations for your newly remote workforce

DLA Piper Privacy Matters

APRIL 2, 2020

In the context of this global crisis, cyber risk management involves balancing the productivity of a workforce with ensuring confidentiality, integrity and availability of the company’s own systems and data, as well as that of their supply chain. Sophisticated attacks can tailor messages individually to dupe specific employees.

Cybersecurity

Cybersecurity Phishing Authentication Access

FTC Seeks Comment on Proposed Changes to GLBA Implementing Rules

HL Chronicle of Data Protection

MARCH 14, 2019

The CISO would be required to report in writing, at least annually, to the FI’s board of directors or equivalent governing body, or, if none exists, a senior officer responsible for the WISP regarding the overall status of the WISP and material matters related to the WISP. Periodic risk assessments. Service provider oversight.

Privacy

Privacy Risk Cybersecurity Information Security

Choosing to Store, Scan, or Shred Your Documents: A Comprehensive Guide

Armstrong Archives

DECEMBER 18, 2023

If your company doesn’t meet compliance requirements, your business may be at risk of lawsuits, fines, or both. Financial services: Institutions in the financial industry also have to abide by strict regulations, such as the Sarbanes-Oxley Act. Many have strict document retention policies in place as well.

Archiving

Archiving Paper Records Management Compliance

US: Surviving the service provider data breach

DLA Piper Privacy Matters

JULY 30, 2019

Beyond data breach notification laws relating to personal information, the covered entity and service provider’s rights and obligations relating to cyber incidents are often defined by contract. At least nine states expressly extend these requirements to service providers. Proactive steps.

Data breaches

Data breaches Cybersecurity Financial Services Risk

An Approach to Cybersecurity Risk Oversight for Corporate Directors

Data Matters

APRIL 23, 2018

A high-profile cyber incident may cause substantial financial and reputational losses to an organization, including the disruption of corporate business processes, destruction or theft of critical data assets, loss of goodwill, and shareholder and consumer litigation. Creating an enterprise-wide governance structure.

Cybersecurity

Cybersecurity Risk Passwords Authentication

GUEST ESSAY: Why organizations need to prepare for cyber attacks fueled by quantum computers

The Last Watchdog

MAY 26, 2022

Related: The role of post-quantum encryption. Quantum computers pose yet another looming threat since it has been mathematically proven that quantum computers with enough power will crack all the world’s public encryption. We most recently witnessed this as Russia invaded Ukraine.

Ransomware

Ransomware Government Agriculture Encryption

CIPL Publishes Discussion Paper on Digital Assets and Privacy

Hunton Privacy

JANUARY 20, 2023

As financial services authorities move to regulate digital assets in jurisdictions worldwide, the paper highlights the need to bring privacy regulators into the discussion so that data privacy issues affecting blockchain are addressed in tandem. Confidentiality and government access.

Paper

Paper Blockchain Privacy Financial Services

NYDFS releases major update to Part 500 cybersecurity requirements for financial services companies

Financial services continue to lead in cybersecurity preparedness, but chinks appear in the armor

Webinars

Trending Sources

What is Cybersecurity Risk Management?

Webinars

Historic Charges: First Enforcement Action Filed by New York Department of Financial Services Under Cybersecurity Regulation

Top 10 Governance, Risk and Compliance (GRC) Vendors

Putting data storage at the forefront of cloud security

$8 million penalty to NYDFS – and another case of over-retention

Slack Launched Encryption Key Addon For Businesses

5 things to know: Driving innovation with AI and hybrid cloud in the year ahead

Black Friday and Cyber Weekend: Navigating the Tumultuous Waters of Retail Cybersecurity

IBM Cloud delivers enterprise sovereign cloud capabilities

Navigating the digital wave: Understanding DORA and the role of confidential computing

Delivering security and scalability in today’s business landscape requires more than setting up a front line of defense

Tackling Data Sovereignty with DDR

Helping enterprises across regulated industries leverage hybrid cloud and AI

Security Compliance & Data Privacy Regulations

NYDFS finalizes cybersecurity rule amendments

MITRE ResilienCyCon: You Will Be Breached So Be Ready

Security Affairs newsletter Round 450 by Pierluigi Paganini – INTERNATIONAL EDITION

Avoslocker ransomware gang targets US critical infrastructure

Top 12 Cloud Security Best Practices for 2021

GUEST ESSAY: The drivers behind persistent ransomware — and defense tactics to deploy

Navigating the EU-US Data Protection Framework

Top GRC Tools & Software for 2021

CENTRAL BANK DIGITAL CURRENCIES

What is a Cyberattack? Types and Defenses

Maze ransomware gang discloses data from drug testing firm HMR

Office of Foreign Assets Control: Making or Facilitating Ransomware Payments May Violate U.S. Sanctions

Confidential Containers with Red Hat OpenShift Container Platform and IBM® Secure Execution for Linux

Ransomware Protection in 2021

New York Regulators Call on Insurers to Strengthen the Cyber Underwriting Process

Federal Agency Data is Under Siege

SEC Releases Observations from Recent Cybersecurity Examinations of Broker-Dealers and Advisers

How ATB Financial drives agile data ops with Collibra and GCP

Turning Aspiration into Action to Protect Financial Institutions

Proposed Amendments to NY Financial Services Cybersecurity Regulations Impose New Obligations on Large Entities, Boards of Directors and CISOs

China’s PIPL has finally arrived, and brings helpful clarification (rather than substantial change) to China’s data privacy framework

US: Coronavirus – Cybersecurity considerations for your newly remote workforce

FTC Seeks Comment on Proposed Changes to GLBA Implementing Rules

Choosing to Store, Scan, or Shred Your Documents: A Comprehensive Guide

US: Surviving the service provider data breach

An Approach to Cybersecurity Risk Oversight for Corporate Directors

GUEST ESSAY: Why organizations need to prepare for cyber attacks fueled by quantum computers

CIPL Publishes Discussion Paper on Digital Assets and Privacy

Stay Connected