Financial Services, Security and Security awareness

New York Department of Financial Services Strengthens Cybersecurity Regulation

KnowBe4

NOVEMBER 7, 2023

The NYDFS’ 23 NYCRR Part 500 has been updated to reflect the current preventative and responsive measures necessary for Financial Services org to be ready for cyber attacks.

Financial Services

Financial Services Cybersecurity Security awareness Security

Vendor Email Compromise Attacks Against Financial Services Surge 137% Last Year

KnowBe4

FEBRUARY 2, 2024

Analysis of 2023 attacks shows how the financial services industry had a very bad year, with increases in both vendor email compromise (VEC) and business email compromise (BEC) attacks, targeting millions of dollars using very specific methods.

Financial Services

Financial Services Security awareness Security

Ransomware Now Considered a “Crisis” in the Financial Services Sector

KnowBe4

SEPTEMBER 28, 2023

A recent panel discussion of banking CISOs and experts at the SIBOS conference focused on the current state of ransomware and what institutions should do to protect themselves.

Financial Services

Financial Services Ransomware Security awareness Phishing

NYDFS Amends Cybersecurity Rules for Financial Services Companies

Hunton Privacy

NOVEMBER 23, 2022

On November 9, 2022, the New York Department of Financial Services (NYDFS) released its second, proposed amendments to the Part 500 Cybersecurity Rule. Covered Entities must have a monitoring process that ensures prompt notification of any new security vulnerabilities. Cybersecurity Governance.

Financial Services

Financial Services Cybersecurity Ransomware Compliance

Unmasking 2024’s Email Security Landscape

Security Affairs

FEBRUARY 28, 2024

Analyzing the Email Security Landscape and exploring Emerging Threats and Trends. VIPRE Security Group’s latest report, “Email Security in 2024: An Expert Insight into Email Threats,” delves into the cutting-edge tactics and technologies embraced by cybercriminals this year. million as malicious.

Security

Security Phishing Communications Financial Services

Senior Executives Beware: The Rise of EvilProxy Phishing Campaigns

KnowBe4

OCTOBER 5, 2023

Menlo Security warns that a social engineering campaign is using the EvilProxy phishing kit to target senior executives across a range of industries, including banking and financial services, insurance, property management and real estate, and manufacturing.

Phishing

Phishing Financial Services Insurance Manufacturing

CyberheistNews Vol 13 #13 [Eye Opener] How to Outsmart Sneaky AI-Based Phishing Attacks

KnowBe4

MARCH 28, 2023

Security awareness training still has a place to play here." Email and other elements of software infrastructure offer built-in fundamental security that largely guarantees we are not in danger until we ourselves take action," Tyson writes. Is the email enticing you to click on a link?' I'm being asked to do something here.'"

Phishing

Phishing Security awareness Insurance Cybersecurity

CyberheistNews Vol 13 #25 [Fingerprints All Over] Stolen Credentials Are the No. 1 Root Cause of Data Breaches

KnowBe4

JUNE 20, 2023

The recent information exposes the increasing dangers in the world of cryptocurrency and the urgent requirement for more robust security measures. Perhaps more importantly, do you know how effective new-school security awareness training is as a mission-critical layer in your security stack?

Data breaches

Data breaches Phishing Security awareness Ransomware

MY TAKE: Why companies and consumers must collaborate to stop the plundering of IoT systems

The Last Watchdog

NOVEMBER 9, 2020

The challenge of the moment is that many companies already have their hands full trying to improve their security posture as they migrate their legacy, on premises, IT systems to the cloud. The operating systems of home IoT devices today typically get shipped with minimal logon security. This is a sign of IoT attacks to come.

IoT

IoT Passwords Artificial Intelligence Risk

Developments in Health Privacy and Cybersecurity Policy and Regulation: OCR Issues Cybersecurity Warnings and New Health Data Legislation Is Introduced

Data Matters

MARCH 28, 2022

OCR concludes most cyber-attacks could be prevented or substantially mitigated if HIPAA covered entities and business associates implemented HIPAA Security Rule requirements to address the most common types of attacks. implement a security awareness and training program for all workforce members pursuant to the HIPAA Security Rule.

Cybersecurity

Cybersecurity Privacy Insurance Risk

CyberheistNews Vol 13 #07 [Scam of the Week] The Turkey-Syria Earthquake

KnowBe4

FEBRUARY 14, 2023

[link] Spear Phishing Attacks Increase 127% As Use of Impersonation Skyrockets Impersonation of users, domains and brands is on the rise, as is the use of malicious links, in response to security vendors improving their ability to detect malicious attachments. Blog post with links: [link] Are Your Users Making Risky Security Mistakes?

Phishing

Phishing Security awareness Compliance Risk

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

HL Chronicle of Data Protection

MAY 13, 2019

Of particular concern to state-level policymakers and enforcement authorities are business practices that in their view may contribute to security incidents. The insurance industry has not been immune from such scrutiny, and the imposition of business practice requirements intended to enhance cybersecurity sector-wide.

Insurance

Insurance Cybersecurity Data breaches Financial Services

FTC Seeks Comment on Proposed Changes to GLBA Implementing Rules

HL Chronicle of Data Protection

MARCH 14, 2019

The proposed changes to the Safeguards Rule add a number of more detailed security requirements, whereas the proposed changes to the Privacy Rule are more focused on technical changes to align the Rule with changes in law over the past decade. It includes general, high level elements of a security program, but lacks detailed security steps.

Privacy

Privacy Risk Cybersecurity Information Security

SHARED INTEL: Microsoft discloses how the Nobelium hacking ring engages in routine phishing

The Last Watchdog

JUNE 28, 2021

Microsoft said it notified the targeted 150 organizations, which included “IT companies (57%), followed by government (20%), and smaller percentages for non-governmental organizations and think tanks, as well as financial services.” Only three of the 150 entities actually got compromised. . I’ll keep watch and keep reporting.

Phishing

Phishing Passwords Authentication Financial Services

CyberheistNews Vol 13 #22 [Eye on Fraud] A Closer Look at the Massive 72% Spike in Financial Phishing Attacks

KnowBe4

MAY 31, 2023

That's right – the financial services industry, at least according to cybersecurity vendor Armorblox's 2023 Email Security Threat Report. Blog post with links: [link] [Live Demo] Ridiculously Easy Security Awareness Training and Phishing Old-school awareness training does not hack it anymore.

Phishing

Phishing File names Security awareness Risk

Avoslocker ransomware gang targets US critical infrastructure

Security Affairs

MARCH 19, 2022

. “AvosLocker is a Ransomware as a Service (RaaS) affiliate-based group that has targeted victims across multiple critical infrastructure sectors in the United States including, but not limited to, the Financial Services, Critical Manufacturing, and Government Facilities sectors. hard drive, storage device, the cloud).

Ransomware

Ransomware Passwords Encryption Financial Services

An Approach to Cybersecurity Risk Oversight for Corporate Directors

Data Matters

APRIL 23, 2018

Recent guidance from the Securities and Exchange Commission (SEC) on disclosure and enforcement actions by the Federal Trade Commission (FTC) make clear that cybersecurity is no longer a niche topic, but a concern significant enough to warrant the oversight of corporate boards of directors. Designing an Enterprise-Level Approach.

Cybersecurity

Cybersecurity Risk Passwords Authentication

Information Management Today

New York Department of Financial Services Strengthens Cybersecurity Regulation

Vendor Email Compromise Attacks Against Financial Services Surge 137% Last Year

Trending Sources

Ransomware Now Considered a “Crisis” in the Financial Services Sector

NYDFS Amends Cybersecurity Rules for Financial Services Companies

Unmasking 2024’s Email Security Landscape

Senior Executives Beware: The Rise of EvilProxy Phishing Campaigns

CyberheistNews Vol 13 #13 [Eye Opener] How to Outsmart Sneaky AI-Based Phishing Attacks

CyberheistNews Vol 13 #25 [Fingerprints All Over] Stolen Credentials Are the No. 1 Root Cause of Data Breaches

MY TAKE: Why companies and consumers must collaborate to stop the plundering of IoT systems

Developments in Health Privacy and Cybersecurity Policy and Regulation: OCR Issues Cybersecurity Warnings and New Health Data Legislation Is Introduced

CyberheistNews Vol 13 #07 [Scam of the Week] The Turkey-Syria Earthquake

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

FTC Seeks Comment on Proposed Changes to GLBA Implementing Rules

SHARED INTEL: Microsoft discloses how the Nobelium hacking ring engages in routine phishing

CyberheistNews Vol 13 #22 [Eye on Fraud] A Closer Look at the Massive 72% Spike in Financial Phishing Attacks

Avoslocker ransomware gang targets US critical infrastructure

An Approach to Cybersecurity Risk Oversight for Corporate Directors

Stay Connected