FINANCIAL INFOSECURITY NEWSLETTER

June 2017

Kaspersky: Online Banking Hacks Cost Banks Nearly $1.8M Each

Justine Brown, Ciodive.com, June 19, 2017

Cybersecurity incidents involving online banking services cost banks an average of nearly $1.8 million each, according to a new Kaspersky Lab report. That’s about double the cost banks typically pay to recover from a malware incident.


Bankers Are Hiring Cyber-Security Experts to Help Get Deals Done

Marie Mawad, Bloomberg.com, June 26, 2017

Executives and investors are hiring an unlikely crowd to help them do deals: computer geeks. Companies and investment funds are adding an extra layer of scrutiny to acquisitions by screening targets for cybersecurity risks, as global computer attacks raise awareness. That’s prompting offers specifically tailored to takeovers by a variety of players, from consultants like Deloitte LLP to software providers including Intralinks Holdings Inc.


New York Cyber Security Regulations: Are You Ready to Implement 23 NYCRR 500?

Zackery Mahon, Deltarisk.com, June 8, 2017

March 1, 2017, marked the day that “23 NYCRR 500” (the New York Cyber Security Regulation) went into full effect for all New York Department of Financial Services (NYDFS) regulated individuals and organizations. These groups are required to adopt programs, policies, and procedures to protect their most sensitive information and assets from cyber security threats.


Social Engineering…Again?

David Sykes, Csoonline.com, June 22, 2017

Headline-grabbing hacks of email accounts belonging to celebrities, businesses and government officials are commonplace. This is because there’s one major vulnerable flaw allowing cyber crooks to access systems, empty bank accounts, destroy reputations, or send someone into bankruptcy: human nature.


5 Tips for Implementing a Cyber Security Program

Stephanie Ewing-Ottmers, Deltarisk.com, June 21, 2017

With the ongoing shortage of cyber security professionals, more IT professionals are finding themselves assuming responsibilities to cover their organization’s cyber security program. The landscape is even more difficult to navigate given the many information security standards and regulations that industries must follow.


Too Smart for a Spear-Phishing Message? Think Again

Michael Kassner, Techrepublic.com, June 22, 2017

Let’s face it, phishing attacks—where cybercriminals disguise their malware-laced digital messages to give the appearance of official communiqués—are way more successful than anyone would like. Verizon’s 2017 Data Breach Investigations Report (DBIR) states: “There were a little over 1,600 incidents and more than 800 breaches featuring social actions in this year’s [2016] corpus (all external actor driven). Phishing was again the top variety, found in over 90% of both incidents and breaches.”


How CISOs Can Answer Difficult Questions from CEOs

Ryan Francis, Csoonline.com, May 15, 2017

The CEO puts all the trust in the chief security officer to keep the company off the front page and out of danger. But as the number of attacks across the internet skyrockets, that trust has slowly eroded or at the very least is increasingly questioned. CEOs don’t want to be caught off-guard, so they are asking pointed questions to ensure they know what security precautions are being taken.


The Behavioral Economics of Why Executives Underinvest in Cybersecurity

Alex Blau, Hbr.org, June 7, 2017

Determining the ROI for any cybersecurity investment, from staff training to AI-enabled authentication managers, can best be described as an enigma shrouded in mystery. The digital threat landscape changes constantly, and it’s very difficult to know the probability of any given attack succeeding — or how big the potential losses might be. Even the known costs, such as penalties for data breaches in highly regulated industries like health care, are a small piece of the ROI calculation.


The Wide-Ranging Impact of New York’s Cybersecurity Regulations

Mark Sangster, Darkreading.com, May 16, 2017

One of the harshest cybersecurity regulations to hit companies in the US recently went into effect in New York. The state regulator, the New York Department of Financial Services, introduced its Cybersecurity Requirements for Financial Services Companies (23 NYCRR Part 500), a regulation designed to tighten cybersecurity practices across a wide selection of companies, which became effective on March 1, 2017.
