FINANCIAL INFOSECURITY NEWSLETTER

July 2017

What Are the Key Differences Between 23 NYCRR 500, GLBA, and FFIEC Regulations?

Zackery Mahon, Deltarisk.com, July 5, 2017

In our previous blog, “New York Cyber Security Regulations: Are You Ready to Implement 23 NYCRR 500?” we provided a brief overview of the New York Cyber Security Regulation (23 NYCRR 500), including how to identify if your company is a covered entity under the New York Department of Financial Services (NYDFS).


Hackers Demand Banks $315k Ransom or Face DDoS Attacks

Waqas Amir, Hackread.com, June 28, 2017

Armada Collective, a group of online attackers, is demanding a ransom payment of $315,000 from South Korean banks. In the case of refusal, the group has threatened the banks with a series of massive Distributed Denial of Service (DDoS) attacks.


How to Avoid Being the Weakest Link in Your Company’s Information Security

John White, Inc.com, July 10, 2017

When you think of hackers, you probably think of some spy movie where they come down from the ceiling to steal a computer off of a desk and then whisk it away to their laboratory where they input lines of code to crack the encryption. In reality, hacking is often as simple as learning about a user and then guessing their password or even asking them for it: a process called social engineering.


Opinion: Data Breaches and Cybersecurity Now Top C-Suite Concerns

Paul A. Laudicina and Erika R. Peterson, Information-management.com, July 12, 2017

Among the interesting results from our 2017 Views from the C-Suite survey of global executives is the fact that, of all the myriad challenges facing businesses worldwide, executives are most concerned about cybersecurity. An overwhelming 85 percent of told us they believe that cyberattacks will become more frequent and costly over the next 12 months.


What CPAs Need to Know about New York’s New Cybersecurity Requirements

Al Aper, Cpajournal.com, June 28, 2017

New York State recently adopted a “first-in-the-nation” set of cybersecurity compliance requirements that impact any businesses or organizations that report to the Department of Financial Services (DFS). Effective March 1, 23 NYCRR 500 is meant to anticipate, address, and thwart cybercriminals by requiring “each company to assess its specific risk profile and design a program that addresses its risks in a robust fashion.”


Look in the Mirror to Solve the Cyber Security Skills Gap

Matthew Kuznia, Deltarisk.com, June 23, 2017

At least once a day, I see a new article on the topic of how to close the cyber security skills gap. Without fail, these discussions center on the need for public and private sector collaboration, early STEM education, skills-based training, and increasing cyber security programs and course options through colleges and universities.


Hackers Steal 6 Million User Accounts for Cash-for-Surveys Site

Joseph Cox, Motherboard.vice.com, June 14, 2017

In one of the more bizarre data breaches to surface recently, hackers made off with 6 million accounts for CashCrate, a site where users can be paid to complete online surveys, according to a database obtained by Motherboard.


How to Make Your Employees Care About Cybersecurity: 10 Tips

Alison DeNisco, Techrepublic.com, June 19, 2017

People are the largest security vulnerability in any organization. Here’s some expert advice on how to make cybersecurity training more effective and protect your business.


How End-User Devices Get Hacked: 8 Easy Ways

Kelly Sheridan, Darkreading.com, June 9, 2017

When it comes to scamming consumers and businesses, the most effective strategies aren’t necessarily the most complex. Hackers seeking funds, data, and access to corporate systems don’t need advanced techniques when tried-and-true tactics consistently work on their victims. There are two primary types of attacker motivations: opportunistic and targeted.
