2020 and Financial Services - Information Management Today

Historic Charges: First Enforcement Action Filed by New York Department of Financial Services Under Cybersecurity Regulation

Data Matters

AUGUST 19, 2020

On July 21, 2020, the New York State Department of Financial Services (NYDFS or the Department) issued a statement of charges and notice of hearing (the Statement) against First American Title Insurance Company (First American) for violations of the Department’s Cybersecurity Requirements for Financial Services Companies, 23 N.Y.C.R.R.

Financial Services

Financial Services Cybersecurity Insurance Risk

NY Department of Financial Services Issues Guidance to Regulated Entities Regarding Cybersecurity During the COVID-19 Pandemic

Hunton Privacy

APRIL 22, 2020

On April 13, 2020, the New York Department of Financial Services (“NYDFS”) issued guidance (“April guidance”) to all New York State entities covered under NYDFS’s cybersecurity regulation regarding assessing and addressing heightened cybersecurity risks due to the COVID-19 pandemic.

Financial Services

Financial Services Cybersecurity Phishing Risk

Ragnar Locker ransomware group breached at least 52 organizations across 10 critical infrastructure sectors

Security Affairs

MARCH 8, 2022

The US Federal Bureau of Investigation (FBI) and CISA published a flash alert to warn that the Ragnar Locker ransomware gang has breached the networks of at least 52 organizations across 10 critical infrastructure sectors. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Ransomware

Ransomware Passwords Financial Services Manufacturing

Hindsight is 2020. Looking back so we can move forward

Thales Cloud Protection & Licensing

FEBRUARY 11, 2020

2020 ends a decade, and the new year prompted me to think “Wow it’s been two decades since we started Vormetric.” So, in 2020 we’re looking at frontiers like the cloud and cloud native technologies (including microservices). The post Hindsight is 2020. And the mission we started then still applies now.

Cloud

Cloud Government Financial Services Access

FBI obtained 7,000 LockBit decryption keys, victims should contact the feds to get support

Security Affairs

JUNE 6, 2024

Khoroshev, AKA LockBitSupp, who thrived on anonymity and offered a $10 million reward to anyone who could reveal his identity, will now be subject to a series of asset freezes and travel bans.” on January 5, 2020. reads the press release published by NCA. continues the NCA.

Energy and Utilities

Energy and Utilities Ransomware Agriculture Encryption

Top 10 Governance, Risk and Compliance (GRC) Vendors

eSecurity Planet

JANUARY 21, 2021

Archer was named a Leader in Gartner’s 2020 Magic Quadrant for IT risk management and IT vendor risk management tools. Additionally, Forrester named it a Contender in its Q1 2020 GRC Wave. Financial reporting compliance. Plus, Forrester named it a Leader in its Q1 2020 GRC Wave. See our in-depth look at RSA Archer.

Compliance

Compliance Risk Government Retail

NYDFS Imposes Fine of $5 Million on Carnival for Cybersecurity Breaches

Hunton Privacy

JULY 1, 2022

On June 24, 2022, the New York State Department of Financial Services (“NYDFS” or the “Department”) announced it had entered into a $5 million settlement with Carnival Corp.

Cybersecurity

Cybersecurity Insurance Phishing Financial Services

Cloud, Intelligent Content Services, and Digital Fragility: What’s on the RIM Horizon for 2020

ARMA International

DECEMBER 26, 2019

For 2019, 34% of RIM professionals reported they had restructured their programs, with an additional 31% planning to do so into 2020. A further 32% expect to use a cloud records management platform into 2020, up substantially from 18% in 2017. Intelligent Content Services and Automation: Must-Haves for 2020 Roadmaps.

Content services

Content services Cloud Records Management Privacy

Payments and Fintech: Addressing Key EU, UK and U.S. Cybersecurity Issues

Data Matters

JULY 17, 2020

July 21 & 22, 2020. Tuesday, July 21, 2020 – Register. Wednesday, July 22, 2020 – Register. Senior Associate, Banking and Financial Services Practice, London. PT | 11:00 a.m. ET | 4:00 p.m. BST | 11:00 a.m. CET | 5:00 p.m. Senior Associate, Cyber Risk Practice, Kroll. Colleen Brown. Max Savoie.

Cybersecurity

Cybersecurity Financial Services GDPR Privacy

15 billion credentials available in the cybercrime marketplaces

Security Affairs

JULY 9, 2020

The credentials are sold for an average of $15.43, the most expensive pairs relate to banking and financial services accounts, with an average price of nearly $71. Accounts for media streaming, social media, file sharing, virtual private networks (VPNs), and adult-content sites all trade for significantly under $10.”

Marketing

Marketing Passwords Financial Services Access

How Can We Secure The Future of Digital Payments?

Thales Cloud Protection & Licensing

JANUARY 10, 2022

The financial services ecosystem has evolved tremendously over the past few years driven by a surge in the adoption of digital payments. Our data shows us that in the first quarter of 2020, there was a larger shift to digital payment forms in 10 weeks than we had seen in the preceding five years. Tue, 01/11/2022 - 06:35.

Retail

Retail Security Financial Services Authentication

SEC Announces Settled Charges Against First American for Cybersecurity Disclosure Controls Failures – Lessons Learned

Data Matters

JUNE 24, 2021

3 The SEC and its staff followed the September 2017 statement with various cybersecurity-related initiatives and guidance, including January 27, 2020, cybersecurity guidance and observations published by the SEC’s Division of Examinations (formerly Office of Compliance Inspections and Examinations). 27, 2020). 15, 2020).

Cybersecurity

Cybersecurity Financial Services Risk Compliance

Cloudflare: Mirai Botnet Launched Record-Breaking DDoS Attack

eSecurity Planet

AUGUST 22, 2021

Cloudflare last month fought off a massive distributed denial-of-service (DDoS) attack by a botnet that was bombarding 17.2 million requests per second (rps) at one of the internet infrastructure company’s customers in the financial services space. DDoS Attacks on the Rise. That prediction proved correct.

Financial Services

Financial Services IoT Education Passwords

Market Leading Cybersecurity and National Security Lawyers David Lashway and John Woods Join Sidley in Washington, D.C.

Data Matters

MAY 4, 2022

Mr. Lashway and Mr. Woods join Sidley from Baker McKenzie where they started and led the global cybersecurity practice group for over 10 years. He has significant experience in addressing election security and misinformation related issues, and was deeply involved in the investigations into the 2016 and 2020 elections targeting various U.S.

Cybersecurity

Cybersecurity Marketing Security Privacy

The U.S. Office of the Comptroller of the Currency Seeks Comment on Digital Innovation by Banks

Data Matters

JUNE 12, 2020

In particular, the ANPR seeks comment on 10 groups of specific questions, including these: i. Comments are due by August 3, 2020. Comments are due by August 3, 2020. Comments are due by August 3, 2020. To what extent does customer engagement in crypto-related activities impact banks and the banking industry?

Artificial Intelligence

Artificial Intelligence Blockchain Financial Services Computer and Electronics

Mysterious custom malware used to steal 1.2TB of data from million PCs

Security Affairs

JUNE 11, 2021

million Windows systems between 2018 and 2020. million unique email addresses, NordLocker found, for an array of different apps and services. These included logins for social media, online games, online marketplaces, job-search sites, consumer electronics, financial services, email services, and more.

Computer and Electronics

Computer and Electronics Archiving Encryption Passwords

Developments in Health Privacy and Cybersecurity Policy and Regulation: OCR Issues Cybersecurity Warnings and New Health Data Legislation Is Introduced

Data Matters

MARCH 28, 2022

For example, the number of breaches of unsecured electronic Personal Health Information (“ePHI”) reported to the OCR affecting 500 or more individuals due to hacking or IT incidents increased 45% from 2019 to 2020. R-LA) introduced the Health Data Use and Privacy Commission Act (“Act”) on February 10, 2022.

Cybersecurity

Cybersecurity Privacy Insurance Risk

Oracle Kills 402 Bugs in Massive October Patch Update

Threatpost

OCTOBER 21, 2020

Over half of Oracle's flaws in its quarterly patch update can be remotely exploitable without authentication; two have CVSS scores of 10 out of 10.

Authentication

Authentication Financial Services IT Retail

The Future of Payments Security

Thales Cloud Protection & Licensing

JANUARY 26, 2021

The Verizon DBIR 2020 report indicates that financially motivated attacks against retailers have moved away from Point of Sale (POS) devices and controllers, towards web applications. Source: Verizon DBIR 2020. Fraud and scams move to the web. Figure 1: Web application breaches in the Retail industry. Stolen credentials.

Security

Security Retail Authentication Big data

You’re Invited to an In-Person Event: CCPAnow: Understanding the Challenge Ahead and What You Should Be Doing Now

HL Chronicle of Data Protection

APRIL 1, 2019

The groundbreaking California Consumer Privacy Act (CCPA) takes effect on January 1, 2020, and companies are already working on compliance. How will the financial incentives and anti-discrimination provisions actually work when consumers exercise their rights? April 16 – 10:00 a.m. – EST. Hogan Lovells New York.

Sales

Sales Financial Services Privacy Compliance

Navigating the EU-US Data Protection Framework

Thales Cloud Protection & Licensing

JANUARY 10, 2024

Navigating the EU-US Data Protection Framework sparsh Thu, 01/11/2024 - 05:26 On 10 July 2023, the European Commission adopted a new adequacy decision regarding the Data Privacy Framework (“DPF”). This follows the invalidation of the EU-US Privacy Shield, by the Court of Justice of the European Union on 16 July 2020.

Data Privacy

Data Privacy Personal data Privacy Cloud

Think Outside of the Gartner Magic Quadrant for Master Data Management Solutions to Deliver Connected Customer Experiences

Reltio

JANUARY 23, 2020

The Gartner Magic Quadrant for Master Data Management Solutions, 2020 was just published. And in 2020, legacy MDM vendors still do not provide their software as a service (SaaS). Remember, nearly 9 out of 10 US customers say trust determines how much data they will share. And that brings me to the reason for this blog.

Customer Experience

Customer Experience MDM Healthcare Marketing

The Impact of Data Protection Laws on Your Records Retention Schedule

ARMA International

APRIL 18, 2022

Certain sectors, such as banking, financial services, health, and insurance have their own data protection and privacy requirements. A data subject request is an action by an individual to exercise that right, and the organization has an obligation to respond to that request 10 11. 10 California Privacy Rights Act (CPRA).

Personal data

Personal data GDPR Privacy Records Management

NYDFS Requires COVID-19 Plans by April 9

Data Protection Report

APRIL 2, 2020

On March 10, 2020, the New York Department of Financial Services (NYDFS) issued guidance to all of its regulated institutions engaged in virtual currency business activity, requiring them to have plans for preparedness to manage the possible operational and financial risks posed by the COVID-19 pandemic.

Risk

Risk Communications Authentication Financial Services

Keeping Up with New Data Protection Regulations

erwin

APRIL 11, 2019

Some suggest the California Consumer Privacy Act (CCPA), which takes effect January 1, 2020, sets a precedent other states will follow by empowering consumers to set limits on how companies can use their personal information. California recently passed a law that gives residents the right to control the data companies collect about them.

GDPR

GDPR e-Discovery Compliance Metadata

Ephesoft Recognized as Alfresco Software’s Global Technology Partner of the Year

Info Source

MAY 21, 2020

MAY 21, 2020. a leader in content acquisition and data enrichment solutions, today announced that Alfresco Software , an open source, content services provider, selected Ephesoft as its FY2020 Global Technology Partner of the Year. Go-to-Market Worldwide Technology Partnership Focuses on Cloud Innovation and Improved Customer Success.

Digital transformation

Digital transformation Content services Artificial Intelligence Insurance

NYDFS Announces a Series of Virtual Currency Initiatives

Data Matters

JULY 7, 2020

On June 24, 2020, the New York State Department of Financial Service (NYDFS) announced a series of virtual currency initiatives aimed at providing additional opportunities and clarity for BitLicense and limited-purpose trust company applicants and licensees. Adopting and Listing of New Virtual Currencies.

Mining

Mining Financial Services IT Marketing

Ireland: DPC Annual Report 2020: Enforcement & Transfers Dominate Agenda

DLA Piper Privacy Matters

MARCH 4, 2021

In its second full year overseeing and regulating the GDPR in Ireland, the Data Protection Commission ( DPC ) has published its 2020 Annual Report , highlighting key observations, emerging guidance, and large scale inquiries and decisions of 2020. 90% of the recorded breach cases were concluded in 2020. Breach Notifications.

GDPR

GDPR Compliance Data breaches Marketing

Regulatory Update: NAIC Fall 2020 National Meeting

Data Matters

DECEMBER 28, 2020

The National Association of Insurance Commissioners (NAIC) held its Fall 2020 National Meeting (Fall Meeting) December 3-9, 2020. Noncontrolling ownership over 10% results in a related party classification regardless of any Disclaimer. As a result of the continuing COVID-19 pandemic, the NAIC once again met in a virtual format.

Insurance

Insurance Paper Risk Analytics

New York’s Breach Law Amendments and New Security Requirements

Data Protection Report

OCTOBER 1, 2019

Although California has recently captured the lion’s share of attention with respect to privacy and security, on October 23, 2019, New York’s amended security breach law goes into effect, and on March 1, 2020, new security safeguards go live (N.Y. Breach Law Changes. Data Security Protections.

Security

Security Financial Services Passwords Risk

The Scalability Imperative: Responsiveness to Manage Planned and Unplanned Spikes

Reltio

APRIL 1, 2020

As a consumer, we don't know or care whether the applications we're using have 10 other concurrent users or 10 million other concurrent users. The issue is particularly prevalent in industries like retail and financial services, which can contend with massive spikes in usage based on seasonality and marketing initiatives.

Retail

Retail MDM Cloud Customer Experience

Ransomware Protection in 2021

eSecurity Planet

FEBRUARY 16, 2021

Just in 2020, the SolarWinds hack could’ve been prevented for organizations that promptly patch software. Toward the end of 2020, Comparitech collected and shared dozens of insights into ransomware figures and trends over the last few years. Ransomware attacks increased by 130% in 2020 ( Beazley Group ). Zero Trust. Statistics.

Ransomware

Ransomware Encryption Insurance Cloud

Say Goodbye to 2020, Say Hello to 2021!

Reltio

DECEMBER 22, 2020

While 2020 has been challenging, challenges make us stronger. Our customers help us shape our products and services to make us a stronger company and a better company to do business with. 9 out of the top 10 life science companies are our customers. The post Say Goodbye to 2020, Say Hello to 2021! Please keep it coming.

Digital transformation

Digital transformation Financial Services Insurance Cloud

Takeaways From CCPA Public Forums

Data Matters

FEBRUARY 12, 2019

Against this backdrop, and with less than a year before the CCPA goes into effect on January 1, 2020, eyes are now increasingly turning to the California Attorney General (AG). The CCPA enters into force on January 1, 2020, but doesn’t require the AG to finish his rulemaking until six months later, on July 1, 2020.

Sales

Sales Privacy Data Privacy Compliance

New York Regulators Call on Insurers to Strengthen the Cyber Underwriting Process

Hunton Privacy

FEBRUARY 25, 2021

As reported on the Hunton Insurance Recovery blog , on February 4, 2021, the New York Department of Financial Services (“NYDFS”), which regulates the business of insurance in New York, has issued guidelines, in the Insurance Circular Letter No. 10, 2018), remains pending in an Illinois state court. The litigation, Mondelez Intl.

Insurance

Insurance Cybersecurity Risk Education

CyberheistNews Vol 13 #13 [Eye Opener] How to Outsmart Sneaky AI-Based Phishing Attacks

KnowBe4

MARCH 28, 2023

Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense. back in 2020. When it comes to personal devices, the increase isn't as staggering, but the numbers are still horrible – back in 2020, 14.3% Last year that number jumped to 11.8% - more than a 6x increase!

Phishing

Phishing Security awareness Insurance Cybersecurity

8 Interesting Predictions for the Intelligent Information Capture Market in 2022

Info Source

MARCH 16, 2022

In 2022, we expect digital inputs to business transactions to grow over 10%, while paper-based inputs will continue to decline. As recently as five years ago, Cloud Capture Services made up less than 7% of the global Capture Software market. By 2020, driven by a strong push caused by the pandemic, that percentage had more than doubled.

Information capture

Information capture Marketing Digital transformation Cloud

Top 12 Cloud Security Best Practices for 2021

eSecurity Planet

SEPTEMBER 10, 2021

The fourth biggest threat to public cloud security identified in CloudPassage’s report is unauthorized access (and growing – 53 percent, up from 42 percent in 2020). Dozens of companies offer solutions or services specifically designed to enhance cloud security. Deploy an identity and access management solution.

Cloud

Cloud Security Encryption Risk

8 Interesting Predictions for the Intelligent Information Capture Market in 2022

Info Source

MARCH 16, 2022

In 2022, we expect digital inputs to business transactions to grow over 10%, while paper-based inputs will continue to decline. As recently as five years ago, Cloud Capture Services made up less than 7% of the global Capture Software market. By 2020, driven by a strong push caused by the pandemic, that percentage had more than doubled.

Information capture

Information capture Marketing Digital transformation Cloud

Researchers shared the lists of victims of SolarWinds hack

Security Affairs

DECEMBER 22, 2020

link] pic.twitter.com/40VfXuR6JI — RedDrip Team (@RedDrip7) December 16, 2020. College of Law and Business, Israel NetBios HTTP Backdoor 2020-05-26 ad001.mtk.lo NetBios HTTP Backdoor 2020-07-03 barrie.ca City of Barrie NetBios HTTP Backdoor 2020-05-13 BCC.l NetBios HTTP Backdoor 2020-07-03 barrie.ca

Communications

Communications Manufacturing Financial Services Insurance

Data Protection and the Draft EU-UK Withdrawal Agreement: Ten Initial Conclusions

HL Chronicle of Data Protection

NOVEMBER 15, 2018

Assuming that the withdrawal agreement is passed (which is a big assumption – see conclusion eight below), then the transition period is initially expected to run from 29 March 2019 until 31 December 2020. During this time the GDPR, along with all other EU data protection laws, will continue in effect within the UK.

GDPR

GDPR Personal data Government Financial Services

SHARED INTEL: ‘Credential stuffers’ leverage enduring flaws to prey on video game industry

The Last Watchdog

JULY 7, 2021

The video game industry saw massive growth in 2020; nothing like a global pandemic to drive people to spend more time than ever gaming. The video game industry withstood nearly 11 billion credential stuffing attacks in 2020, a 224 percent spike over 2019. In 2020, criminals started to process their lists differently.

Passwords

Passwords Authentication Marketing Access

Best Fraud Management Systems & Detection Tools in 2022

eSecurity Planet

SEPTEMBER 16, 2022

This is more than a 70% increase over 2020. 52% of companies with more than $10 billion in revenue were hit with fraud. In its 2021 Threat Force Intelligence Index , IBM reported that manufacturing and financial services were the two industries most at risk for attack, making up 23.2% of attacks IBM handled, respectively.

Analytics

Analytics Risk Authentication Financial Services

Regulatory Update: NAIC Summer 2019 National Meeting

Data Matters

SEPTEMBER 4, 2019

The New York State Department of Financial Services recently amended its annuity suitability regulation to apply a “best interest” standard in connection with both life insurance and annuity transactions with consumers. In particular, with the expected start of the ICS monitoring period in 2020, U.S.

Insurance

Insurance Paper Risk Analytics

Historic Charges: First Enforcement Action Filed by New York Department of Financial Services Under Cybersecurity Regulation

NY Department of Financial Services Issues Guidance to Regulated Entities Regarding Cybersecurity During the COVID-19 Pandemic

Trending Sources

Ragnar Locker ransomware group breached at least 52 organizations across 10 critical infrastructure sectors

Hindsight is 2020. Looking back so we can move forward

FBI obtained 7,000 LockBit decryption keys, victims should contact the feds to get support

Top 10 Governance, Risk and Compliance (GRC) Vendors

NYDFS Imposes Fine of $5 Million on Carnival for Cybersecurity Breaches

Cloud, Intelligent Content Services, and Digital Fragility: What’s on the RIM Horizon for 2020

Payments and Fintech: Addressing Key EU, UK and U.S. Cybersecurity Issues

15 billion credentials available in the cybercrime marketplaces

How Can We Secure The Future of Digital Payments?

SEC Announces Settled Charges Against First American for Cybersecurity Disclosure Controls Failures – Lessons Learned

Cloudflare: Mirai Botnet Launched Record-Breaking DDoS Attack

Market Leading Cybersecurity and National Security Lawyers David Lashway and John Woods Join Sidley in Washington, D.C.

The U.S. Office of the Comptroller of the Currency Seeks Comment on Digital Innovation by Banks

Mysterious custom malware used to steal 1.2TB of data from million PCs

Developments in Health Privacy and Cybersecurity Policy and Regulation: OCR Issues Cybersecurity Warnings and New Health Data Legislation Is Introduced

Oracle Kills 402 Bugs in Massive October Patch Update

The Future of Payments Security

You’re Invited to an In-Person Event: CCPAnow: Understanding the Challenge Ahead and What You Should Be Doing Now

Navigating the EU-US Data Protection Framework

Think Outside of the Gartner Magic Quadrant for Master Data Management Solutions to Deliver Connected Customer Experiences

The Impact of Data Protection Laws on Your Records Retention Schedule

NYDFS Requires COVID-19 Plans by April 9

Keeping Up with New Data Protection Regulations

Ephesoft Recognized as Alfresco Software’s Global Technology Partner of the Year

NYDFS Announces a Series of Virtual Currency Initiatives

Ireland: DPC Annual Report 2020: Enforcement & Transfers Dominate Agenda

Regulatory Update: NAIC Fall 2020 National Meeting

New York’s Breach Law Amendments and New Security Requirements

The Scalability Imperative: Responsiveness to Manage Planned and Unplanned Spikes

Ransomware Protection in 2021

Say Goodbye to 2020, Say Hello to 2021!

Takeaways From CCPA Public Forums

New York Regulators Call on Insurers to Strengthen the Cyber Underwriting Process

CyberheistNews Vol 13 #13 [Eye Opener] How to Outsmart Sneaky AI-Based Phishing Attacks

8 Interesting Predictions for the Intelligent Information Capture Market in 2022

Top 12 Cloud Security Best Practices for 2021

8 Interesting Predictions for the Intelligent Information Capture Market in 2022

Researchers shared the lists of victims of SolarWinds hack

Data Protection and the Draft EU-UK Withdrawal Agreement: Ten Initial Conclusions

SHARED INTEL: ‘Credential stuffers’ leverage enduring flaws to prey on video game industry

Best Fraud Management Systems & Detection Tools in 2022

Regulatory Update: NAIC Summer 2019 National Meeting

Stay Connected