Bill Blake, Senior Vice President and CCO (Chief Customer Officer) of Fasoo, moderated a panel discussion on Cybersecurity on September 13, 2017 at Harter Secrest & Emery LLP in Rochester, NY.  The event entitled Cyber Security & Your Company – What You Need to Know Now featured industry leaders and experts from The Bonadio Group, Fasoo, Lawley, and Harter Secrest & Emery LLP discuss how, when, and why to plan for a cyber attack.

The event was part of a continuing dialog with organizations on the needs for stricter cybersecurity controls in the wake of the ever growing threat of data breaches and threats to business operations.  Recent data breaches at Equifax, Verizon and others show that any organization is vulnerable to external attacks or insider threats.  Regulations and legislation, such as the New York NYDFS 23 NYCRR 500 cybersecurity regulations and GDPR in Europe, are causing businesses to improve their security posture to protect business and customer information.

Following our successful event in Rochester, the second of the NYDFS 23 NYCRR 500 roadshow events at Phillips Lytle LLP in Buffalo, NY on May 17, 2017 brought together executives, insurance, legal, and security professionals in a great forum to discuss challenges for financial services organizations to meet the new cybersecurity regulations that went into effect on March 1, 2017.  A full house heard some practical advice designed to assist entities regulated by the New York Division of Financial Services (NYDFS) comply with the new regulations.

Jennifer Beckage of Phillips Lytle LLP started with her “Survival Guide to Navigating the NYDFS Cybersecurity Regulation”.  Jennifer talked about the challenges covered entities face not only developing their own cybersecurity programs, but how those spill over to their service providers.  Developing, implementing and monitoring vendor management programs will affect contracts, day-to-day operations and the technology used to secure and control information shared.

The first of the NYDFS 23 NYCRR 500 roadshow events in Rochester, NY on May 16, 2017 was a great success as numerous people from local financial services companies participated in a great forum to help organizations understand how to meet the new cybersecurity regulations that went into effect on March 1, 2017.

The event was held at Harter Secrest & Emery LLP in Rochester and started what will be a continuing series of forums to assist entities regulated by the New York Division of Financial Services (NYDFS) comply with a strict and wide-ranging group of regulations.

Fasoo sponsored a Ponemon Institute survey to determine the readiness of financial firms doing business in New York State to comply with the new cybersecurity regulation NYDFS 23 NYCRR 500 that went into effect on March 1, 2017.  The regulation includes deadlines to implement procedures and solutions to achieve compliance with the new standards.  Since New York is one of the world’s financial capitals, the state wants to ensure that organizations that operate under the banking, insurance or financial services regulations provide a secure information sharing environment to protect companies and their customers.

“The survey is aptly titled “Countdown to Compliance,” said Dr. Larry Ponemon.  “Our goal is to provide insight into the challenges these organizations face in complying with the demanding new requirements which apply to all ‘nonpublic information’ – at rest, in-transit and shared with third parties.  The survey will provide insight into their efforts to comply over the next 180 to 365 days.”

After two days at the 2017 RSA Conference in San Francisco, it looks like Fasoo’s message of Security, Governance and Productivity is hitting a nerve with security professionals, analysts, executives and other attendees.  As the regulatory and business climate change to overcome constant threats to businesses and the data they use to drive profitability, companies are looking for a more comprehensive and practical approach to providing secure ways to conduct business.

An interesting theme at this year’s show is Business Driven Security.  I think the convergence of business and security is finally coming to a head as boards and executives realize they must think of security solutions as a business driver that helps mitigate business risk so they can propel their businesses forward.

One main focus this year is helping financial organizations comply with the New York State Department of Financial Services (NYS DFS) cybersecurity regulations.  Fasoo employees spoke to numerous banks and mortgage companies at the booth that are affected by this new regulation to encrypt nonpublic data and provide clear access control and audit trails.  The Fasoo Data Security Framework can help protect sensitive data from getting into the wrong hands and help meet this comprehensive regulation.

This year’s RSA Conference in San Francisco gave security professionals, executives and other attendees a lot to choose from as they tried to help their organizations prevent cyberattacks and mitigate the risk of insider threats.  Apple’s current flap with the FBI on encryption was a big point of discussion throughout the event, including during keynotes.  Amit Yoran, the President of RSA, came out strongly against government backdoors and weakening encryption.

Fasoo’s theme this year was Design Your Data Security Blueprint and visitors to the Fasoo booth got to see how the Fasoo Data Security Framework and Sparrow could help them achieve their goal of protecting their sensitive data from getting into the wrong hands.

A lot of conversations centered on the understanding that it’s not a matter of if I get hacked, but when.  I spoke to one gentleman who was talking about the concept of security crumple zones where you assume that some layers of your security will get breached.  The concept is similar to car safety, where the ultimate goal is protect what is most valuable.  Fasoo was showing attendees a multi-layered approach to data security that relies on a data-centric security model with people-centric policies.  This allows an organization to protect critical data immediately and adjust access control policy as roles and people change.