Fasoo Sponsors NYDFS 23 NYCRR 500 Roadshow

Ron Arden | Cybersecurity, News

On March 1, 2017, sweeping new cybersecurity regulations from the New York State Department of Financial Services (NYDFS) took effect.  The NYDFS 23 NYCRR 500 regulations affect thousands of regulated financial institutions that do business in New York as well as thousands of Third Party Service Providers that support those financial institutions, world-wide.  The regulations add to the complexity that financial institutions already face in developing and implementing their comprehensive information security programs.  They also bring with them challenges and uncertainty as organizations implement new tools and practices designed to protect customer and company information.

In response to this sea change, Fasoo is sponsoring a roadshow across three major markets in New York (Rochester, Buffalo and New York City) to help affected organizations comply with the new regulations.  The highlight of the roadshow will be a keynote by Dr. Larry Ponemon of the Ponemon Institute reviewing a study sponsored by Fasoo to gauge industry readiness and reaction to the new regulations.


The Best Defense Against Insider Threats

Ron Arden | Data breach, Insider threat

One of the most critical skills information security groups have is the ability to proactively find threats in their environment – a process known as hunting.  Great hunting is the combination of deep knowledge about your environment with the ability to understand the details of changes that take place in real-time.  Knowledge is the greatest advantage information security professionals have when determining the best defense against an adversary.

Attackers must have extensive knowledge about your infrastructure to find weak spots to exploit.  Your advantage is knowing the normal patterns of behavior of your users and systems.


Fasoo Sponsored Ponemon Institute Survey On NYDFS 23 NYCRR 500

Ron Arden | Cybersecurity, News

Fasoo sponsored a Ponemon Institute survey to determine the readiness of financial firms doing business in New York State to comply with the new cybersecurity regulation NYDFS 23 NYCRR 500 that went into effect on March 1, 2017.  The regulation includes deadlines to implement procedures and solutions to achieve compliance with the new standards.  Since New York is one of the world’s financial capitals, the state wants to ensure that organizations that operate under the banking, insurance or financial services regulations provide a secure information sharing environment to protect companies and their customers.

“The survey is aptly titled ‘Countdown to Compliance,’” said Dr. Larry Ponemon.  “Our goal is to provide insight into the challenges these organizations face in complying with the demanding new requirements which apply to all ‘nonpublic information’ – at rest, in-transit and shared with third parties.  The survey will provide insight into their efforts to comply over the next 180 to 365 days.”


Once More Unto The Data Breach, Dear Friends, Once More

Ron Arden | Cybersecurity, Data breach, Insider threat

WikiLeaks recently obtained and released thousands of sensitive documents showing the Central Intelligence Agency’s (CIA) arsenal of hacking tools, malware, viruses, trojans, weaponized “zero day” exploits, malware remote control systems and associated documentation.

Unfortunately, this is not a Shakespearean play, but a real-life data breach that will have huge consequences for the security of the US government.  This information supposedly came from a secure location inside the CIA and raises a lot of questions about cybersecurity.  If an agency that should be focused on security can have this problem, what other problems may lurk in other parts of the government?


Data Breaches Cost Executives Money

Ron Arden | Cybersecurity, Data breach

The problem of data breaches has just reached a new high, or maybe low, as executives are losing money because of them.  A case in point is that Yahoo CEO Marissa Mayer will receive neither a bonus nor a stock award because of the mishandling of security breaches in 2013 and 2014.

The decision came after an internal investigation found that senior executives at Yahoo mishandled the company’s security breaches.  In September of last year, Yahoo disclosed that a massive security breach occurred in 2014. About 500 million Yahoo accounts were compromised. Hackers obtained personal information, but not credit card details. Then in December of last year, Yahoo disclosed that another breach occurred in 2013, but this one was even bigger: Nearly one billion user accounts were hacked, making it the biggest breach in history.


New York Issues Final Version of Cybersecurity Regulations

Ron Arden | Cybersecurity, Data breach, Insider threat

The New York State Department of Financial Services (NYS DFS) just released the final version of its new cybersecurity regulations that affect organizations doing business under New York banking, insurance and financial services regulations.  The new regulation is designated 23 N.Y.C.R.R. Part 500, and goes into effect on March 1, 2017.

Paul Greene, an attorney at Harter Secrest & Emery, mentioned in a recent blog post that the main change in the regulation from earlier drafts is the move to a more risk-adjusted approach to cybersecurity, rather than a purely prescriptive approach.  Rather than applying a one-size-fits-all approach, the NYS DFS is allowing Covered Entities to define the risk associated with their nonpublic information before deciding on the best way to protect it.  Questions remain, however, concerning the scope and reach of these regulations.


Fasoo Hits Nerve with Message of Security, Governance and Productivity at RSA 2017

Ron Arden | Cybersecurity, Data breach, Data security, News

After two days at the 2017 RSA Conference in San Francisco, it looks like Fasoo’s message of Security, Governance and Productivity is hitting a nerve with security professionals, analysts, executives and other attendees.  As the regulatory and business climates change to overcome constant threats to businesses and the data they use to drive profitability, companies are looking for a more comprehensive and practical approach to providing secure ways to conduct business.

An interesting theme at this year’s show is Business Driven Security.  I think the convergence of business and security is finally coming to a head as boards and executives realize they must think of security solutions as a business driver that helps mitigate business risk so they can propel their businesses forward.

One main focus this year is helping financial organizations comply with the New York State Department of Financial Services (NYS DFS) cybersecurity regulations.  At the booth, Fasoo employees spoke with numerous banks and mortgage companies affected by this new regulation, which requires them to encrypt nonpublic data and provide clear access control and audit trails.  The Fasoo Data Security Framework can help protect sensitive data from getting into the wrong hands and help meet this comprehensive regulation.


Fasoo Data Security and Intelligent Document Platform on Display at RSA Conference 2017

Ron Arden | Application Security Testing, Cybersecurity, News

Fasoo has a big presence at the RSA Conference 2017 in San Francisco where we will showcase our newly expanded data security and management framework which helps companies track, manage and secure their data.

Focusing on the business themes of Security, Governance and Productivity, Fasoo is helping executives and boards of directors comply with enhanced cybersecurity regulations while ensuring they can meet the needs of constantly changing business models that demand secure collaboration to get things done.

Today’s business world demands a new look at how we define and protect the borders of our organizations because our data is created, stored and consumed in systems that may be outside the traditional information security and document management models.  Visitors to Fasoo’s booth #S1239 will see demonstrations of the Fasoo Data Security Framework and Wrapsody, which together help organizations consistently control, secure, track and manage documents no matter where they travel.  This new, integrated data-centric approach overcomes the limitations of legacy solutions and comprehensively satisfies organizational demands placed on data security, governance and productivity.


Say NO to Stealing Sensitive Information by Phishing

Ron Arden | Cybersecurity, Data breach, Insider threat

Just a few days after the IRS released its warning about W-2 phishing, it appears the College of Southern Idaho (CSI) reported that 3,000 employees’ personal information may have been compromised by a phishing scam.

The attackers are now expanding their sights into higher education according to a recent article by Paul Greene, an attorney at Harter Secrest & Emery.  Given the large number of employees, including seasonal employees, community education instructors and people who work for auxiliary agencies, these institutions are great sources of sensitive information and money.  In this case, someone impersonating a CSI administrator sent an email to an employee requesting W-2 information for all school employees over the past two years.


How to Fight the Latest Phishing Scams

Ron Arden | Cybersecurity, Data breach, Insider threat

The more things change, the more they stay the same, unfortunately.  Paul Greene, an attorney at Harter Secrest & Emery, in a recent blog post mentioned a new IRS warning about the reappearance of phishing scams targeting W-2 information.  Companies have lost thousands of dollars in email compromise attacks that first steal W-2s and then attempt wire transfer frauds.

This is nothing new, of course, with the IRS having issued the same form of warning around this time last year.  But it is tax season and the scammers, fraudsters and hackers decided to get a jump on things this year.

In recent years, the criminals targeted corporations, but this year they are casting a wider net, potentially affecting schools, non-profits, restaurants, healthcare providers, and tribal organizations.  This is a classic case of targeting organizations that may not have the best security, since they have not been victims in the past.  Those organizations affected in recent years have hardened their defenses, but now the scammers are going after the next tier.  They also may be going after the supply chain of some of the companies targeted in the past.  After all, it’s easier to attack a small service provider than to attack a large bank or manufacturing company.
