Financial Services, Government, Security and Training

NYDFS releases major update to Part 500 cybersecurity requirements for financial services companies

Data Protection Report

NOVEMBER 8, 2023

On November 1, 2023, the New York Department of Financial Services (“NYDFS”) released the finalized amendments of Part 500 of its cybersecurity regulations. The Amendment also includes new governance requirements and responsibilities applicable to the CISO of all covered entities.

Financial Services

Financial Services Cybersecurity Compliance Government

The Financial Service and Insurance Industries Need Intelligent Document Processing; Here’s Why

Rocket Software

MARCH 14, 2022

Analyst firm IDC recently published a Vendor Spotlight report featuring ASG Mobius Content Services (Mobius) and its applications in the financial service and insurance industries. Going forward, businesses need to fill these gaps with the right solutions to manage critical information assets securely and effectively.

Financial Services

Financial Services Insurance Digital transformation Paper

NYDFS Amends Cybersecurity Rules for Financial Services Companies

Hunton Privacy

NOVEMBER 23, 2022

On November 9, 2022, the New York Department of Financial Services (NYDFS) released its second, proposed amendments to the Part 500 Cybersecurity Rule. Covered Entities must have a monitoring process that ensures prompt notification of any new security vulnerabilities. Cybersecurity Governance.

Financial Services

Financial Services Cybersecurity Ransomware Compliance

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

Security Compliance & Data Privacy Regulations

eSecurity Planet

AUGUST 9, 2022

Regulatory compliance and data privacy issues have long been an IT security nightmare. GDPR (among other legal requirements in the EU and elsewhere) can expose multinational organizations to hefty financial penalties, additional rules for disclosing data breaches, and increased scrutiny of the adequacy of their data security.

Data Privacy

Data Privacy Compliance Privacy Security

Historic Charges: First Enforcement Action Filed by New York Department of Financial Services Under Cybersecurity Regulation

Data Matters

AUGUST 19, 2020

On July 21, 2020, the New York State Department of Financial Services (NYDFS or the Department) issued a statement of charges and notice of hearing (the Statement) against First American Title Insurance Company (First American) for violations of the Department’s Cybersecurity Requirements for Financial Services Companies, 23 N.Y.C.R.R.

Financial Services

Financial Services Cybersecurity Insurance Risk

New York Department of Financial Services Issues First Guidance by a U.S. Regulator Concerning Cyber Insurance

Data Matters

FEBRUARY 10, 2021

On February 4, 2021, the New York Department of Financial Services (NYDFS) issued Circular Letter No. Lacewell stated that cybersecurity is the biggest risk for government and private organizations and described how the Framework is based on “extensive dialogue with industry and experts.”. The Framework. 1 See W.B.

Insurance

Insurance Financial Services Cybersecurity Risk

The US government sanctioned four entities and one individual for supporting cyber operations conducted by North Korea

Security Affairs

MAY 24, 2023

The US Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced sanctions against four entities and one individual for their role in malicious cyber operations conducted to support the government of North Korea. ” reads the announcement.

Government

Government Military Financial Services IT

Finance sector must simplify staff awareness training

IT Governance

APRIL 11, 2019

Financial services firms must do more to educate employees about cyber security, according to the FCA (Financial Conduct Authority). What should financial organisations be doing? Organisations need to make staff awareness training a board-level priority. Staff awareness training is a crucial part of this.

Retail

Retail Risk Education Financial Services

5 things to know: Driving innovation with AI and hybrid cloud in the year ahead

IBM Big Data Hub

DECEMBER 18, 2023

For organizations of all types—and especially those in highly regulated industries such as financial services, government, healthcare and telco—considerations including the rise of generative AI, evolving regulations and data sovereignty laws and ongoing security challenges must be top of mind.

Cloud

Cloud Financial Services Compliance Digital transformation

Confidential Containers with Red Hat OpenShift Container Platform and IBM® Secure Execution for Linux

IBM Big Data Hub

JANUARY 10, 2024

Hybrid cloud has become the dominant approach for enterprise cloud strategies , but it comes with complexity and concerns over integration, security and skills. Hybrid cloud is also forcing a significant rethinking of how to secure and protect data and assets.

Security

Security Cloud Data Privacy Financial Services

Black Friday and Cyber Weekend: Navigating the Tumultuous Waters of Retail Cybersecurity

Thales Cloud Protection & Licensing

NOVEMBER 20, 2023

The IBM 2023 Cost of a Data Breach Report , for example, highlights the continuous financial burden on retailers, which, coupled with potential reputational damage, emphasizes the dire need for retailers to prioritize and bolster their cybersecurity measures. Behind every system, software, and security protocol stands a human being.

Retail

Retail Cybersecurity Financial Services Encryption

NYDFS Imposes Fine of $5 Million on Carnival for Cybersecurity Breaches

Hunton Privacy

JULY 1, 2022

On June 24, 2022, the New York State Department of Financial Services (“NYDFS” or the “Department”) announced it had entered into a $5 million settlement with Carnival Corp.

Cybersecurity

Cybersecurity Insurance Phishing Financial Services

Top 12 Cloud Security Best Practices for 2021

eSecurity Planet

SEPTEMBER 10, 2021

From the very beginning of the cloud computing era, security has been the biggest concern among enterprises considering the public cloud. In addition, 95 percent of survey respondents confirmed that they are extremely to moderately concerned about public cloud security. What is cloud security?

Cloud

Cloud Security Encryption Risk

Risk Management under the DORA Regulation

IT Governance

NOVEMBER 23, 2023

The financial sector is quite heavily regulated, and involves a lot of confidential data. You’d therefore expect that the sector fares better at data security than your average organisation. Perhaps even more concerning to EU lawmakers is how dependent society at large is on banking and other financial services.

Risk

Risk Data breaches Authentication Financial Services

$8 million penalty to NYDFS – and another case of over-retention

Data Protection Report

JANUARY 18, 2024

On January 3, 2024, the New York Department of Financial Services announced a consent order with GGT, where GGT agreed to pay NYDFS $8 million and to surrender its BitLicense (for cryptocurrency trading), due to alleged violations of NYDFS’ cybersecurity and its virtual currency regulations.

Cybersecurity

Cybersecurity Financial Services Compliance Encryption

Catches of the Month: Phishing Scams for October 2023

IT Governance

OCTOBER 13, 2023

October is both Cybersecurity Awareness Month in the US and European Cyber Security Month in the EU – twin campaigns on either side of the Atlantic that aim to improve awareness of the importance of cyber security both at work and at home, and provide tips on how to stay secure.

Phishing

Phishing Financial Services Manufacturing Personal data

The Week in Cyber Security and Data Privacy: 22 – 28 April 2024

IT Governance

APRIL 29, 2024

Keyboard app vulnerabilities reveal keystrokes to network eavesdroppers Security researchers have identified critical security vulnerabilities in Cloud-based pinyin keyboard apps from Baidu, Inc., We identified certain accounts that we believe are affiliated with the Spy.pet website, which we have subsequently banned.”

2024 Tech and Cybersecurity Forecast: Navigating New Frontiers in Business

Thales Cloud Protection & Licensing

DECEMBER 20, 2023

This development model enables enterprises to conduct model training and processing directly at the edge or on-premises. This strategy addresses security concerns related to intellectual property and sensitive data in large language models (LLMs). This necessitates a shift in cybersecurity strategies. Gartner has recognized this shift.

Cybersecurity

Cybersecurity Blockchain Artificial Intelligence Encryption

Tackling Data Sovereignty with DDR

Security Affairs

JUNE 20, 2023

Those who fail to take a proactive approach to secure their data often learn the hard way how vulnerable – and valuable – that data can be. Data sovereignty plays a crucial role in a robust security strategy. When data is sovereign, an organization retains control and ownership over that data.

Compliance

Compliance Cybersecurity Risk Encryption

Avoslocker ransomware gang targets US critical infrastructure

Security Affairs

MARCH 19, 2022

. “AvosLocker is a Ransomware as a Service (RaaS) affiliate-based group that has targeted victims across multiple critical infrastructure sectors in the United States including, but not limited to, the Financial Services, Critical Manufacturing, and Government Facilities sectors. Consider installing and using a VPN.

Ransomware

Ransomware Passwords Encryption Financial Services

Top 10 Governance, Risk and Compliance (GRC) Vendors

eSecurity Planet

JANUARY 21, 2021

Governance, risk, and compliance (GRC) software helps businesses manage all of the necessary documentation and processes for ensuring maximum productivity and preparedness. It includes multi-disciplinary risk and compliance management solutions and tools, including: IT & security risk management. Third-party governance.

Compliance

Compliance Risk Government Retail

Hundreds of malicious Chrome browser extensions used to spy on you!

Security Affairs

JUNE 20, 2020

Malicious Chrome browser extensions were used in a massive surveillance campaign aimed at users working in the financial services, oil and gas, media and entertainment, healthcare, government organizations, and pharmaceuticals. ” reads the analysis published by Awake Security. .” ” continues the report.

Healthcare

Healthcare Financial Services Communications Security

SEC Announces Settled Charges Against First American for Cybersecurity Disclosure Controls Failures – Lessons Learned

Data Matters

JUNE 24, 2021

The SEC is considering enhancing its disclosure rules concerning cybersecurity risk governance and has indicated a target release date of October 2021. The Order alleges that this vulnerability exposed over 800 million images dating back to 2003, including sensitive personal data, such as Social Security numbers and financial information.

Cybersecurity

Cybersecurity Financial Services Risk Compliance

CyberheistNews Vol 13 #07 [Scam of the Week] The Turkey-Syria Earthquake

KnowBe4

FEBRUARY 14, 2023

[link] Spear Phishing Attacks Increase 127% As Use of Impersonation Skyrockets Impersonation of users, domains and brands is on the rise, as is the use of malicious links, in response to security vendors improving their ability to detect malicious attachments. Blog post with links: [link] Are Your Users Making Risky Security Mistakes?

Phishing

Phishing Security awareness Compliance Risk

What is Cybersecurity Risk Management?

eSecurity Planet

FEBRUARY 11, 2022

Rather than doors, locks and vaults, IT departments rely on a combination of strategies, technologies, and user awareness training to protect an enterprise against cybersecurity attacks that can compromise systems, steal data and other valuable company information, and damage an enterprise’s reputation. What is Cybersecurity Risk Management?

Risk

Risk Cybersecurity Encryption Access

CyberheistNews Vol 13 #13 [Eye Opener] How to Outsmart Sneaky AI-Based Phishing Attacks

KnowBe4

MARCH 28, 2023

Security awareness training still has a place to play here." Email and other elements of software infrastructure offer built-in fundamental security that largely guarantees we are not in danger until we ourselves take action," Tyson writes. Get a look at THREE NEW FEATURES and see how easy it is to train and phish your users.

Phishing

Phishing Security awareness Insurance Cybersecurity

The aftermath of an incident – business considerations surrounding record-keeping

Data Protection Report

AUGUST 2, 2022

Organizations should also be aware of sector-specific statutory obligations which may apply to them, for example in health or financial services industries. M&A and Securities law. For a purchaser, records of privacy incidents provide valuable information about the vendor’s privacy governance structure.

Compliance

Compliance Privacy Risk Financial Services

What is a Cyberattack? Types and Defenses

eSecurity Planet

JUNE 16, 2022

However, basic cybersecurity tools and practices, like patching , strong passwords , and multi-factor authentication (MFA), “can prevent 80 to 90% of cyberattacks,” said Anne Neuberger, deputy national security advisor for cyber and emerging technologies, during a White House press conference in Sept. Cyberattack Statistics. Other methods.

Ransomware

Ransomware Cybersecurity Phishing Encryption

NEW TECH: This free tool can help gauge, manage third-party cyber risk; it’s called ‘VRMMM’

The Last Watchdog

JANUARY 30, 2019

Turn the corner into 2019 and we find Citigroup, CapitalOne, Wells Fargo and HSBC Life Insurance among a host of firms hitting the crisis button after their customers’ records turned up on a database of some 24 million financial and banking documents found parked on an Internet-accessible server — without so much as password protection.

Risk

Risk Financial Services Insurance Cybersecurity

Turning climate risks into business opportunities

IBM Big Data Hub

MARCH 27, 2024

In some business sectors, such as financial services, fast-moving consumer goods and healthcare, business interruptions can have a significant detrimental impact on daily life. Their state governments must order electricity for their citizens in advance, and they used to predict demand manually by using spreadsheets.

Risk

Risk Artificial Intelligence Agriculture Financial Services

The compliance challenges of hybrid working

IT Governance

AUGUST 26, 2021

For example, financial services firms may be worried about employees breaching insider trading laws. Employee monitoring software not only helps track productivity and the possibility of data being misappropriated but also helps your cyber security team spot poor cyber security practices that could result in cyber attacks.

Compliance

Compliance Data breaches Privacy Risk

Capital Markets, AI, and the need for governance

Collibra

OCTOBER 31, 2023

With every financial services organization focused on making better and faster decisions, data professional and business leaders are eager to better understand how AI can facilitate their strategic goals. Financial services orgs, especially those in capital markets, frequently has been on the forefront of generative AI investment.

Marketing

Marketing Government Financial Services Artificial Intelligence

Record Retention is a Key Component of Your Privacy and Cyber Compliance Program

Data Protection Report

DECEMBER 23, 2019

Likewise, the New York State Department for Financial Services regulations requires relevant entities to have appropriate record retention policies and procedures. A policy or standard needs to be set, which is then explained by training and is measured. How do you build an effective information governance program?

Privacy

Privacy Compliance Personal data Risk

Russia-Ukraine cyber conflict poses critical infrastructure at risk

Security Affairs

MARCH 14, 2022

Ongoing attacks could cause severe damages to multiple sectors, including transportation, communication, financial services, government facilities, nuclear reactors, and critical manufacturing. The post Russia-Ukraine cyber conflict poses critical infrastructure at risk appeared first on Security Affairs.

Risk

Risk Financial Services Manufacturing Communications

6 Best Threat Intelligence Feeds to Use in 2023

eSecurity Planet

AUGUST 10, 2023

Here are our picks for the top threat intelligence feeds that security teams should consider adding to their defensive arsenal: AlienVault Open Threat Exchange: Best for community-driven threat feeds FBI InfraGard: Best for critical infrastructure security abuse.ch

Cybersecurity

Cybersecurity Access Metadata Energy and Utilities

China’s PIPL has finally arrived, and brings helpful clarification (rather than substantial change) to China’s data privacy framework

DLA Piper Privacy Matters

AUGUST 23, 2021

We have summarised the key compliance obligations under the PIPL below, with new obligations in bold for ease of reference: Relevant Laws/Regulations The PIPL becomes the primary, national-level law governing processing of personal information, but does not replace the existing data privacy framework.

Data Privacy

Data Privacy Privacy Compliance Analytics

NYDFS Requires COVID-19 Plans by April 9

Data Protection Report

APRIL 2, 2020

On March 10, 2020, the New York Department of Financial Services (NYDFS) issued guidance to all of its regulated institutions engaged in virtual currency business activity, requiring them to have plans for preparedness to manage the possible operational and financial risks posed by the COVID-19 pandemic.

Risk

Risk Communications Authentication Financial Services

State Attackers Moving from Stealing Data to Social Meddling

Ascent Innovations

MAY 17, 2018

While modern email security solutions can detect and stop emails with malicious attachments, they are still largely ineffective in detecting hyperlinks to malicious websites. State actors tend to zero in on government agencies or utilities and energy targets. Training and knowledge sharing is key. Author: Abdul Hafiz.

Energy and Utilities

Energy and Utilities IoT Mining Financial Services

Ransomware Protection in 2021

eSecurity Planet

FEBRUARY 16, 2021

The internet is fraught with peril these days, but nothing strikes more fear into users and IT security pros than the threat of ransomware. Raising awareness about ransomware is a baseline security measure. As training sessions have little influence over staff for every potential attack, it makes added security more imperative.

Ransomware

Ransomware Encryption Insurance Cloud

New York Banking Regulator Announces New Cybersecurity Assessment Process

Hunton Privacy

DECEMBER 11, 2014

On December 10, 2014, the New York State Department of Financial Services (the “Department”) announced that it issued an industry guidance letter to all Department-regulated banking institutions that formally introduces the Department’s new cybersecurity preparedness assessment process.

Cybersecurity

Cybersecurity Financial Services Insurance Information Security

How ATB Financial drives agile data ops with Collibra and GCP

Collibra

MARCH 23, 2021

ATB Financial provides a diversified set of financial services to more than 770,000 residents of Alberta, Canada. Being a regionally focused institution, the group is dedicated to knowing its customers intimately, understanding their needs and providing products and services that help them achieve their goals.

Cloud

Cloud Government Access Metadata

Laserfiche Wins Gold in Best in Biz Awards 2017

Info Source

DECEMBER 5, 2017

With customers in nearly every industry including government, education, financial services, manufacturing and health care, Laserfiche offers solutions tailored to organizations’ needs, and the expertise and personalized service that drive customer success. and Canada.

ECM

ECM Education Financial Services Manufacturing

Top GRC Tools & Software for 2021

eSecurity Planet

JANUARY 21, 2021

Governance, risk, and compliance (GRC) software helps businesses manage all of the necessary documentation and processes for ensuring maximum productivity and preparedness. It includes multi-disciplinary risk and compliance management solutions and tools, including: IT & security risk management. Third-party governance.

Compliance

Compliance Risk Government Retail

Proposed Amendments to NY Financial Services Cybersecurity Regulations Impose New Obligations on Large Entities, Boards of Directors and CISOs

Hunton Privacy

AUGUST 15, 2022

On July 29, 2022, the New York Department of Financial Services (“NYDFS”) posted proposed amendments (“Proposed Amendments”) to its Cybersecurity Requirements for Financial Services Companies (“Cybersecurity Regulations”). As part of the “training and monitoring” requirements under Section 500.14

Financial Services

Financial Services Cybersecurity Risk Passwords

NYDFS releases major update to Part 500 cybersecurity requirements for financial services companies

The Financial Service and Insurance Industries Need Intelligent Document Processing; Here’s Why

Webinars

Trending Sources

NYDFS Amends Cybersecurity Rules for Financial Services Companies

Webinars

Security Compliance & Data Privacy Regulations

Historic Charges: First Enforcement Action Filed by New York Department of Financial Services Under Cybersecurity Regulation

New York Department of Financial Services Issues First Guidance by a U.S. Regulator Concerning Cyber Insurance

The US government sanctioned four entities and one individual for supporting cyber operations conducted by North Korea

Finance sector must simplify staff awareness training

5 things to know: Driving innovation with AI and hybrid cloud in the year ahead

Confidential Containers with Red Hat OpenShift Container Platform and IBM® Secure Execution for Linux

Black Friday and Cyber Weekend: Navigating the Tumultuous Waters of Retail Cybersecurity

NYDFS Imposes Fine of $5 Million on Carnival for Cybersecurity Breaches

Top 12 Cloud Security Best Practices for 2021

Risk Management under the DORA Regulation

$8 million penalty to NYDFS – and another case of over-retention

Catches of the Month: Phishing Scams for October 2023

The Week in Cyber Security and Data Privacy: 22 – 28 April 2024

2024 Tech and Cybersecurity Forecast: Navigating New Frontiers in Business

Tackling Data Sovereignty with DDR

Avoslocker ransomware gang targets US critical infrastructure

Top 10 Governance, Risk and Compliance (GRC) Vendors

Hundreds of malicious Chrome browser extensions used to spy on you!

SEC Announces Settled Charges Against First American for Cybersecurity Disclosure Controls Failures – Lessons Learned

CyberheistNews Vol 13 #07 [Scam of the Week] The Turkey-Syria Earthquake

What is Cybersecurity Risk Management?

CyberheistNews Vol 13 #13 [Eye Opener] How to Outsmart Sneaky AI-Based Phishing Attacks

The aftermath of an incident – business considerations surrounding record-keeping

What is a Cyberattack? Types and Defenses

NEW TECH: This free tool can help gauge, manage third-party cyber risk; it’s called ‘VRMMM’

Turning climate risks into business opportunities

The compliance challenges of hybrid working

Capital Markets, AI, and the need for governance

Record Retention is a Key Component of Your Privacy and Cyber Compliance Program

Russia-Ukraine cyber conflict poses critical infrastructure at risk

6 Best Threat Intelligence Feeds to Use in 2023

China’s PIPL has finally arrived, and brings helpful clarification (rather than substantial change) to China’s data privacy framework

NYDFS Requires COVID-19 Plans by April 9

State Attackers Moving from Stealing Data to Social Meddling

Ransomware Protection in 2021

New York Banking Regulator Announces New Cybersecurity Assessment Process

How ATB Financial drives agile data ops with Collibra and GCP

Laserfiche Wins Gold in Best in Biz Awards 2017

Top GRC Tools & Software for 2021

Proposed Amendments to NY Financial Services Cybersecurity Regulations Impose New Obligations on Large Entities, Boards of Directors and CISOs

Stay Connected