Compliance Guide

BankNews.com

Cybersecurity

Non-Malware Attacks Pose More Risk Than Commodity Malware

Carbon Black, a provider of next-generation endpoint security, has announced the results of its latest research report, “Beyond the Hype,” which aggregates insight from more than 400 interviews with leading cybersecurity researchers who discussed non-malware attacks, artificial intelligence (AI) and machine learning (ML), among other topics.

(more…)

Increase in Cybersecurity Attacks Expected on Industrial IoT

Tripwire, Inc., a leading global provider of security and compliance solutions for enterprises and industrial organizations, has announced the results of a study conducted in partnership with Dimensional Research. The study looked at the rise of Industrial Internet of Things (IIoT) deployment in organizations, and to what extent it is expected to cause security problems in 2017.

(more…)

CSBS Offers New Cybersecurity Certification

November 22 – The Conference of State Bank Supervisors announced a new cybersecurity certification in an effort to promote higher standards in bank examination of cybersecurity management. The new Certified Cyber Security Examiner designation is part of a larger effort among state financial regulators to address the ongoing threat of cybersecurity within the financial services industry.

(more…)

Biometrics, Bots and the Future of Security in Financial Services

By Eric Crabtree

Not surprisingly, cybersecurity always ranks high on the list of chief concerns that cause bank CIOs to lose sleep at night. That’s because increasing levels of sophistication in the tech used by hackers and fraudsters is making it harder for financial institutions to defend themselves.

(more…)

Have You Assessed Your Cyber-Preparedness Lately?

By Catherine Crosby Long, Keith Andress and Alisa Chestler

Not long ago, the average American could not define terms like “data breach,” “hack” or “cybersecurity.” However, hardly a day passed in 2015 without a cyberattack covered by the national news. As a result, consumers are increasingly aware of the need to ensure that their personally identifiable information is secure. This article explores the basic tenets of an effective cybersecurity policy, including the need for regular security assessments and an incident response plan. (more…)

The Borderless Enterprise: Identity Is the New Perimeter

By Chris Trytten

Data breaches have plagued companies for more than a decade and show no signs of abating but actually increasing 29 percent in 2015 compared to the prior year. The number of incidents exposing one million or more records increased 40 percent, while three mega events occurred in the third quarter of last year, each exposing more than 10 million records.

(more…)

Creating an Effective Cybersecurity Preparedness Plan

By Mark Scholl

It’s no secret that cyber threats continue to increase. The bad guys will go where the money is. But you can’t develop a cybersecurity strategy if you don’t know what you are up against. So where do you go for help to understand the evolving threats and how to mitigate them based on your risk profile?

(more…)

Updating Incident Response Plans

By Jim Baird
Incident Response Plans (IRP) have been expected by banking regulators for years. But with the ever-increasing threats of cybercrime, malware, breaches, ransomware and other cyber threats, the expectations have morphed into having a far more robust, comprehensive, cyber-ready and tested IRP. Further, the Federal Financial Institutions Examination Council’s Cybersecurity Assessment Tool devotes an entire domain to the topic (Domain 5: Cyber Incident Management and Resilience).

(more…)

Select Your Technology Vendors . . . Carefully

By Charles Cheatham

Today, bankers have more technology and more technology vendors providing services and support to their banks than ever before. Using third-party vendors can allow banks to reduce risk, control costs and focus more efficiently on achieving strategic goals.

(more…)

How Cybersecurity Affects Board Dynamics

By Stephanie Chaumont

As a security consultant, I have spent time talking with management and members of the boards of directors at several institutions. And I can tell you that they run the gamut of security-mindedness and technology knowledge. I have met directors who want to know what’s going on in the IT department and are well-versed in information security and cybersecurity threats; there are others who want nothing to do with anything IT-related. But board members now have an excellent resource to improve their knowledge: Overview for Chief Executive Officers and Boards of Directors, released last year with the Federal Financial Institution Examination Council’s Cybersecurity Assessment Tool.

(more…)

Kryptronic Internet Software Solutions