Financial Services and Security awareness - Information Management Today

Vendor Email Compromise Attacks Against Financial Services Surge 137% Last Year

KnowBe4

FEBRUARY 2, 2024

Analysis of 2023 attacks shows how the financial services industry had a very bad year, with increases in both vendor email compromise (VEC) and business email compromise (BEC) attacks, targeting millions of dollars using very specific methods.

Financial Services

Financial Services Security awareness Security

New York Department of Financial Services Strengthens Cybersecurity Regulation

KnowBe4

NOVEMBER 7, 2023

The NYDFS’ 23 NYCRR Part 500 has been updated to reflect the current preventative and responsive measures necessary for Financial Services org to be ready for cyber attacks.

Financial Services

Financial Services Cybersecurity Security awareness Security

Ransomware Now Considered a “Crisis” in the Financial Services Sector

KnowBe4

SEPTEMBER 28, 2023

A recent panel discussion of banking CISOs and experts at the SIBOS conference focused on the current state of ransomware and what institutions should do to protect themselves.

Financial Services

Financial Services Ransomware Security awareness Phishing

NYDFS Amends Cybersecurity Rules for Financial Services Companies

Hunton Privacy

NOVEMBER 23, 2022

On November 9, 2022, the New York Department of Financial Services (NYDFS) released its second, proposed amendments to the Part 500 Cybersecurity Rule. The proposed amendments revise several aspects of the draft Cybersecurity Rule amendments released on July 29, 2022.

Financial Services

Financial Services Cybersecurity Ransomware Compliance

Senior Executives Beware: The Rise of EvilProxy Phishing Campaigns

KnowBe4

OCTOBER 5, 2023

Menlo Security warns that a social engineering campaign is using the EvilProxy phishing kit to target senior executives across a range of industries, including banking and financial services, insurance, property management and real estate, and manufacturing.

Phishing

Phishing Financial Services Insurance Manufacturing

MY TAKE: Why companies and consumers must collaborate to stop the plundering of IoT systems

The Last Watchdog

NOVEMBER 9, 2020

In one very recent caper, the attackers targeted the CFO of a financial services firm, as he worked from home, Sherman says. This is why it is important to build employee training for consumer IoT devices into security awareness training programs.” The attackers successfully got a foothold on the exec’s MacBook.

IoT

IoT Passwords Artificial Intelligence Risk

Unmasking 2024’s Email Security Landscape

Security Affairs

FEBRUARY 28, 2024

Targeted Sector Vulnerabilities: Financial Services, IT, Healthcare, Education, and Government sectors have emerged as primary targets, with attackers fine-tuning their strategies to exploit specific vulnerabilities within these industries.

Security

Security Phishing Communications Financial Services

CyberheistNews Vol 13 #13 [Eye Opener] How to Outsmart Sneaky AI-Based Phishing Attacks

KnowBe4

MARCH 28, 2023

Security awareness training still has a place to play here." New-school security awareness training with simulated phishing tests enables your employees to recognize increasingly sophisticated phishing attacks and builds a strong security culture. We must ask: 'Is the email expected? Is the from address legit?

Phishing

Phishing Security awareness Insurance Cybersecurity

Developments in Health Privacy and Cybersecurity Policy and Regulation: OCR Issues Cybersecurity Warnings and New Health Data Legislation Is Introduced

Data Matters

MARCH 28, 2022

implement a security awareness and training program for all workforce members pursuant to the HIPAA Security Rule. See 45 CFR 164.308(a)(1)(ii)(A)-(B): Implementation Specification: Risk Analysis (required), Implementation Specification: Risk Management (required); see also 45 CFR 164.304 (definition of “Availability”).

Cybersecurity

Cybersecurity Privacy Insurance Risk

CyberheistNews Vol 13 #25 [Fingerprints All Over] Stolen Credentials Are the No. 1 Root Cause of Data Breaches

KnowBe4

JUNE 20, 2023

Perhaps more importantly, do you know how effective new-school security awareness training is as a mission-critical layer in your security stack? million simulated phishing security tests. Get tricked into giving away their credentials or download malware? million users across 35,681 organizations with over 32.1

Data breaches

Data breaches Phishing Security awareness Ransomware

CyberheistNews Vol 13 #07 [Scam of the Week] The Turkey-Syria Earthquake

KnowBe4

FEBRUARY 14, 2023

This means you have a bunch of users that unwittingly follow a set of unusual and unnecessary clicks that they should know better than to follow – something they learn very quickly if they are enrolled in new-school security awareness training. Blog post with links: [link] Are Your Users Making Risky Security Mistakes?

Phishing

Phishing Security awareness Compliance Risk

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

HL Chronicle of Data Protection

MAY 13, 2019

For example, the New York Department of Financial Services (‘NYDFS’) in March 2017 issued its Cybersecurity Regulation (23 NYCRR 500) (‘the NYDFS Cybersecurity Regulation’), a groundbreaking and far-reaching regulatory regime focused on financial institutions licensed in New York, including insurance companies.

Insurance

Insurance Cybersecurity Data breaches Financial Services

FTC Seeks Comment on Proposed Changes to GLBA Implementing Rules

HL Chronicle of Data Protection

MARCH 14, 2019

Under the proposed Rule, FIs would be required to provide personnel with security awareness training that is updated to reflect risks identified by the FI’s risk assessment. The proposed amendments follow the FTC’s receipt of public comments in 2016 regarding the Safeguards Rule as part of the FTC’s regular review cycle.

Privacy

Privacy Risk Cybersecurity Information Security

An Approach to Cybersecurity Risk Oversight for Corporate Directors

Data Matters

APRIL 23, 2018

For example, the results of deploying a framework such as CKMS to address company critical information assets, and its impact on cyber risk, could readily be rolled-up into a dashboard for review by an appropriate board committee on cybersecurity, or the full board, as needed.

Cybersecurity

Cybersecurity Risk Passwords Authentication

SHARED INTEL: Microsoft discloses how the Nobelium hacking ring engages in routine phishing

The Last Watchdog

JUNE 28, 2021

Microsoft said it notified the targeted 150 organizations, which included “IT companies (57%), followed by government (20%), and smaller percentages for non-governmental organizations and think tanks, as well as financial services.” Only three of the 150 entities actually got compromised. Simple techniques.

Phishing

Phishing Passwords Authentication Financial Services

Avoslocker ransomware gang targets US critical infrastructure

Security Affairs

MARCH 19, 2022

. “AvosLocker is a Ransomware as a Service (RaaS) affiliate-based group that has targeted victims across multiple critical infrastructure sectors in the United States including, but not limited to, the Financial Services, Critical Manufacturing, and Government Facilities sectors. Consider installing and using a VPN.

Ransomware

Ransomware Passwords Encryption Financial Services

CyberheistNews Vol 13 #22 [Eye on Fraud] A Closer Look at the Massive 72% Spike in Financial Phishing Attacks

KnowBe4

MAY 31, 2023

That's right – the financial services industry, at least according to cybersecurity vendor Armorblox's 2023 Email Security Threat Report. Blog post with links: [link] [Live Demo] Ridiculously Easy Security Awareness Training and Phishing Old-school awareness training does not hack it anymore.

Phishing

Phishing File names Security awareness Risk

Information Management Today

Vendor Email Compromise Attacks Against Financial Services Surge 137% Last Year

New York Department of Financial Services Strengthens Cybersecurity Regulation

Trending Sources

Ransomware Now Considered a “Crisis” in the Financial Services Sector

NYDFS Amends Cybersecurity Rules for Financial Services Companies

Senior Executives Beware: The Rise of EvilProxy Phishing Campaigns

MY TAKE: Why companies and consumers must collaborate to stop the plundering of IoT systems

Unmasking 2024’s Email Security Landscape

CyberheistNews Vol 13 #13 [Eye Opener] How to Outsmart Sneaky AI-Based Phishing Attacks

Developments in Health Privacy and Cybersecurity Policy and Regulation: OCR Issues Cybersecurity Warnings and New Health Data Legislation Is Introduced

CyberheistNews Vol 13 #25 [Fingerprints All Over] Stolen Credentials Are the No. 1 Root Cause of Data Breaches

CyberheistNews Vol 13 #07 [Scam of the Week] The Turkey-Syria Earthquake

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

FTC Seeks Comment on Proposed Changes to GLBA Implementing Rules

An Approach to Cybersecurity Risk Oversight for Corporate Directors

SHARED INTEL: Microsoft discloses how the Nobelium hacking ring engages in routine phishing

Avoslocker ransomware gang targets US critical infrastructure

CyberheistNews Vol 13 #22 [Eye on Fraud] A Closer Look at the Massive 72% Spike in Financial Phishing Attacks

Stay Connected