Data Matters

MAY 4, 2022

Sidley’s Privacy and Cybersecurity practice has been involved in many of the most complex cyber events in recent years from Yahoo! He is one of the few lawyers who has led multiple global responses to data integrity attacks involving the financial services industry.

Cybersecurity 165

Cybersecurity Marketing Security Privacy 165

Data Protection Report

NOVEMBER 2, 2023

On November 1, 2023, the New York Department of Financial Services (NYDFS) finalized the second amendment to its cybersecurity regulations, which are available here. NYDFS retained the broader term “cybersecurity event” that it uses in several sections of the regulation, but, with respect to notifications to NYDFS (§ 500.17(a)),

Cybersecurity 105

Cybersecurity Compliance Financial Services Government 105

IBM Big Data Hub

MARCH 20, 2024

Organizations in the financial services, healthcare and other regulated sectors must place an even greater focus on managing risk—not only to meet compliance requirements, but also to maintain customer confidence and trust.

Cloud 72

Cloud Financial Services Risk Business Services 72

eSecurity Planet

JUNE 16, 2022

Encrypted threats spiked 167%, ransomware increased 105%, and 5.4 These new attacks affect everything from private citizens and businesses to government systems; healthcare organizations; public services; and food, water, and fuel supply chains. Ransomware. Ransomware is the fastest-growing trend. Mobile attacks.

Ransomware 145

Ransomware Cybersecurity Phishing Encryption 145

Hunton Privacy

AUGUST 15, 2022

On July 29, 2022, the New York Department of Financial Services (“NYDFS”) posted proposed amendments (“Proposed Amendments”) to its Cybersecurity Requirements for Financial Services Companies (“Cybersecurity Regulations”). As part of the “training and monitoring” requirements under Section 500.14 Additional Requirements.

Financial Services 55

Financial Services Cybersecurity Risk Passwords 55

IT Governance

AUGUST 26, 2021

For example, financial services firms may be worried about employees breaching insider trading laws. Additionally, the Cloud service provider itself may be vulnerable to attacks – as we saw recently with the ransomware attack on Kaseya.

Compliance 117

Compliance Data breaches Privacy Risk 117

Hunton Privacy

FEBRUARY 25, 2021

As reported on the Hunton Insurance Recovery blog , on February 4, 2021, the New York Department of Financial Services (“NYDFS”), which regulates the business of insurance in New York, has issued guidelines, in the Insurance Circular Letter No. billion were made under property/casualty policies that were silent about cyber risks.

Insurance 70

Insurance Cybersecurity Risk Education 70

KnowBe4

FEBRUARY 14, 2023

For KnowBe4 customers, we have a few templates with this topic in the Current Events. Based on alerts generated by your existing security stack products , SecurityCoach analyzes and identifies detected threat events to send your users a contextual, real-time SecurityTip at the moment risky behavior occurs.

Phishing 96

Phishing Security awareness Compliance Risk 96

Data Protection Report

APRIL 9, 2024

The CIRCIA was originally enacted in part as a response to recent attacks on critical infrastructure, such as the ransomware attack on Colonial Pipeline in May 2021, but CISA’s proposed regulations take a surprisingly broad view of who may be considered a covered entity and what incidents are reportable.

Ransomware 84

Ransomware Agriculture Cybersecurity Government 84

DLA Piper Privacy Matters

JULY 30, 2019

Beyond data breach notification laws relating to personal information, the covered entity and service provider’s rights and obligations relating to cyber incidents are often defined by contract. At least nine states expressly extend these requirements to service providers. Key service provider incident response steps.

Data breaches 45

Data breaches Cybersecurity Financial Services Risk 45

eSecurity Planet

JANUARY 27, 2022

As threats mount from ransomware gangs , Russian-backed hacker groups , and other nation-sponsored attackers and as the growth in remote work makes security management increasingly complicated, many companies are finding it makes sense to turn to a managed security service provider (MSSP) for help with handling an extremely complex threat landscape.

Security 108

Security Cloud Compliance Analytics 108

Data Matters

MARCH 21, 2022

Congress has passed a significant new cybersecurity law that will require critical infrastructure entities to report material cybersecurity incidents and ransomware payments to the Cybersecurity and Infrastructure Security Agency (CISA) within 72 and 24 hours, respectively. Background. a supply chain compromise.

Ransomware 95

Ransomware Cybersecurity Agriculture Communications 95

Data Protection Report

NOVEMBER 3, 2017

Slightly over one year ago, several major distributed denial-of-service (“DDoS”) attacks took place, including a major event affecting the domain name service provider Dyn , which caused outages and slowness for a number of popular sites, including Amazon, Netflix, Reddit, SoundCloud, Spotify, and Twitter. DDoS Mitigation.

IoT 40

IoT Communications Risk Passwords 40

eSecurity Planet

MARCH 26, 2021

The Biggest Ransomware Demand in History. The latest episode in the story is Acer Computer, who fell victim to a ransomware attack. While ransomware attacks have become a ubiquitous event these days, what makes this attack distinctive is the ransom demand itself. . REvil uses the Ransomware 2.0

Ransomware 57

Ransomware Authentication Financial Services Military 57

Data Protection Report

AUGUST 11, 2022

On July 29, 2022, the New York Department of Financial Services (NYDFS) announced a “pre-proposed outreach” of material proposed changes to almost every section of its cybersecurity regulations, and would affect each entity covered by the current regulations of 23 NYCRR Part 500. Governance. The Proposed Regulation Changes.

Cybersecurity 59

Cybersecurity Risk Passwords Compliance 59

IT Governance

DECEMBER 11, 2023

suffers second ransomware attack in months Having been struck by a ransomware attack in October by the BlackSuit group , which led to operations and appointments being postponed, Akumin Inc. has suffered a second attack, this time by the BianLian ransomware group. Data breached: more than 59 million data records. Akumin Inc.

Data Privacy 84

Data Privacy Energy and Utilities Privacy Manufacturing 84

eSecurity Planet

OCTOBER 14, 2021

Officials with Microsoft’s Azure public cloud said the company in late August was able to stave off a record distributed denial-of-service (DDoS) attack against a European customer that originated in the Asia-Pacific region. million requests per second against a target in the financial services industry. The attack, which hit 2.4

IoT 108

IoT Cloud Ransomware Financial Services 108

IT Governance

JANUARY 23, 2024

Source (New) Real estate USA Yes 46,906 Hampton-Newport News Community Services Board Source 1 ; source 2 ; source 3 (New) Healthcare USA Yes 44,312 Air Methods Source 1 ; source 2 (New) Healthcare USA Yes 34,016 GREYHOURS Source (New) Retail France Yes 18,700 Groveport Madison Schools Source 1 ; source 2 ; source 3 (Update) Education USA Yes 15.5

Data Privacy 52

Data Privacy Privacy Manufacturing Security 52

Hunton Privacy

JUNE 12, 2017

Department of Health and Human Services’ Office for Civil Rights (“OCR”) and the Health Care Industry Cybersecurity Task Force (the “Task Force”) have published important materials addressing cybersecurity in the health care industry. lists key steps that an organization must undertake in the event of a cyber attack. What do we do now?,”

Cybersecurity 45

Cybersecurity Computer and Electronics Education Financial Services 45

ForAllSecure

APRIL 19, 2023

So, if if my system is attacked by ransomware, and I can detect the attack and recover in seconds, and the adversary gets no benefit from having a technique. VAMOSI:So we talk about it being more secure and you make some reference to ransomware. VAMOSI: Michael mentioned financial services. They'll eventually stop.

Analytics 40

Analytics Communications Computer and Electronics IT 40

KnowBe4

MAY 31, 2023

That's right – the financial services industry, at least according to cybersecurity vendor Armorblox's 2023 Email Security Threat Report. According to the report, the financial services industry as a target has increased by 72% over 2022 and was the single largest target of financial fraud attacks, representing 49% of all such attacks.

Phishing 95

Phishing File names Security awareness Risk 95

eSecurity Planet

JUNE 1, 2021

Atlantic Council, the Organization for Security and Co-operation in Europe, the Ukrainian Anti-Corruption Action Center, the EU DisinfoLab and the Irish government’s Department of Foreign Affairs. government agencies and more than 100 private companies, including Cisco, Intel and Microsoft. Specific targets included the U.S.

Phishing 70

Phishing Cybersecurity Government Authentication 70

eSecurity Planet

JANUARY 11, 2022

Open Raven analyzes data at rest, classifies inventory, and automates data governance as these become critical capabilities for the hybrid infrastructure’s security posture. Deduce offers actionable identity intelligence through event-level telemetry to act against abnormal user activity. Perimeter 81. JupiterOne. Cape Privacy.

Cybersecurity 142

Cybersecurity Cloud Compliance Analytics 142

IT Governance

SEPTEMBER 30, 2021

Nevada Restaurant Services, Inc. Provides Notice Of Data Privacy Event | | djournal.com (0). SC: Dorchester County Government Notice of February Security Incident (databreaches.net) (0). HBP Financial Services Group notice of breach impacting Pathology Consultants of New London, PC (databreaches.net) (0).

Data breaches 107

Data breaches Ransomware Financial Services Privacy 107

The Last Watchdog

NOVEMBER 16, 2023

A snapshot of the challenges on the horizon for next year and in the full report are: •RaaS will bring hope to more cybercriminals – The growth of Ransomware-as-a-Service (RaaS) will catapult large-scale criminal gangs to enterprise status and level up the lower-skilled crime groups. The only thing they won’t do in 2024, is pay taxes.

Ransomware 100

Ransomware Cybersecurity Financial Services Marketing 100

ForAllSecure

MAY 4, 2021

government agencies. Duff: What MITRE does is provide usually high level understanding to our government customers on problems that they face, and that can range anything from work we do with the FAA to work we do with the NCC OE so the National Cybersecurity Center of Excellence, which is operated by NIST, a variety of programs in between.

Government 52

Government IT Access Analytics 52

ForAllSecure

MAY 4, 2021

government agencies. Duff: What MITRE does is provide usually high level understanding to our government customers on problems that they face, and that can range anything from work we do with the FAA to work we do with the NCC OE so the National Cybersecurity Center of Excellence, which is operated by NIST, a variety of programs in between.

Government 52

Government IT Access Analytics 52