All cyber-attacks articles
-
Article
Cyber-criminals have supply chains, too
All cyber-attacks leave a trail. These trails can be complex, of course, but the criminals cannot avoid them. Thus, they leave a supply chain of intelligence and data.
-
Article
Cyber-security attestations now required for leadership at NY’s financial firms
Tough new cyber-security regulations, crafted in New York, require board members and senior officials to not just talk the talk.
-
Article
Uber breach sheds light on how companies use ‘bug hunters’
As a cyber-security tool, companies are turning to outsiders to hunt down software and security flaws. The concern is that bug bounties may become excessive or reward illegal activity.
-
Blog
Dems pitch data protections in response to Equifax woes
Democratic senators have introduced new legislation intended “to give control over credit and personal information back to consumers” following a massive data breach at consumer credit rating firm Equifax that compromised the personal information of at least 143 million Americans.
-
Article
Firms gird for fast-approaching NYDFS cyber-security deadlines
New York’s new cyber-security rules are already creating compliance and liability concerns. They may also give rise to a fractured playing field of demands in other states.
-
Article
Risk management lessons of the WannaCry ransomware
A global hack attack that held organizations’ data hostage for Bitcoin ransoms raises regulatory issues, disclosure debates, and risk management concerns.
-
Article
Fending off executive impersonation schemes
Everybody thinks they would never fall for an obvious cyber-scam … until they do. Jaclyn Jaeger reports.
-
Blog
New OFAC Sanctions Rules Target Cyber-Attacks
The Treasury Department has implemented new rules that execute an executive order issued in April by President Barack Obama authorizing sanctions against countries and foreign nationals involved in cyber-attacks against U.S. citizens, companies, or government agencies. The rules formalize a strategy used to increase sanctions against North Korea in response ...
-
Blog
Wyndham Settles FTC Charges in Cyber-Security Case
Wyndham Worldwide this week agreed to settle charges with the Federal Trade Commission that the company’s security practices unfairly exposed the payment card information of hundreds of thousands of consumers to hackers in three separate data breaches. The FTC first filed the complaint against Wyndham in 2012 over allegations that ...
-
Blog
R.T. Jones Pays SEC $75K for Failing to Adopt Cyber-Security Policies
Investment advisory firm R.T. Jones last week reached a $75,000 settlement with the Securities and Exchange Commission for failing to adopt written policies and procedures reasonably designed to protect customer records and information in violation of the "Safeguards Rule." Such failures ultimately resulted in a cyber-attack that compromised the personally ...
-
Blog
SEC Exams Reveal Mixed Bag of Financial Firms' Cyber-Security Efforts
Last year, the Securities and Exchange Commission’s Office of Compliance Inspections and Examinations examined 106 broker-dealers and investment advisers in an effort to better understand how they address the legal, regulatory, and compliance issues associated with cyber-security. An OCIE risk alert released this week breaks down the findings of the ...
-
Blog
Bank Executives, Boards Urged to Share Cyber-Risk Data
Bank executives and directors are getting another new guidance from the multi-agency Federal Financial Institutions Examination Council. The guidance encourages management and boards to ask questions about how accountability is determined for managing cyber-risks; the process for ensuring employee awareness; what is reported to the board on cyber-security events; the ...