Cyber Security

Verizon report shows most data security breaches “easily preventable”

Verizon recently released a report that showed a majority of data security breaches that occurred last year were accomplished using weak or stolen credentials, a risk the company said is “easily preventable.” “If you want to see how widely available hacking tools have become, do a web search for ‘password cracker,’” the report,... Read More...

NAFCU urges Senate, House leaders to take action on data security

The National Association of Federal Credit Unions urged Congress last week to take action on proposed data security and breach notification standards. The call for action came one day after Michaels Stores confirmed as many as 2.6 million customers had their credit card data compromised between May 2013 and January 2014. Between June 2013 and... Read More...

Kentucky becomes 47th state to enact data breach notification law

Kentucky became the 47th state to enact data breach notification legislation earlier this month after Gov. Steve Beshear signed a bill into law that would require firms to notify consumers in the event of a data breach. Only three states—Alabama, New Mexico and South Dakota—do not have laws in place requiring companies to notify consumers... Read More...

House subcommittee holds hearing on role of law enforcement in data breaches

Witnesses testified last week before the House Homeland Subcommittee on Cybersecurity, Infrastructure Protection and Security Technologies that information-sharing among law enforcement agencies and regulators is critical to protecting the nation’s infrastructure from the growing threat of cyberattacks. The subcommittee hearing, held at... Read More...

SEC latest regulator to issue guidance on Heartbleed vulnerabilities

The SEC joined the growing list of federal regulatory agencies and organizations warning banks and credit unions about the risks of cyberattacks. Last week, the SEC released an outline detailing how agency examiners will assess preparedness for cyberattacks and the kind of information that might be requested of management. Additionally, the... Read More...

Report: 18 percent of Americans report personal data breaches

Data recently released by the Pew Research Center showed more Americans have experienced personal data breaches, with the number rising from 11 percent in July 2013 to 18 percent in January. According to the survey, 21 percent of adults on the internet have experienced a security breach in email or social networking accounts—the number was... Read More...

OCC’s Curry warns of third-party security risks for financial institutions

Comptroller of the Currency Thomas Curry spoke on Wednesday on the growing threat of cyberattacks and concerns regarding financial institutions’ reliance on third parties to secure their own systems. “The fact is, we live in a world where consumers use their cellphones to deposit checks, pay bills over the internet and make purchases at... Read More...

NRF to establish retail information-sharing platform to combat cybercrime

The National Retail Federation said on Monday it will establish a program to provide the retail community with information on cybersecurity threats identified in the financial services sector. The program, which will be developed in partnership with the Financial Services Information Sharing and Analysis Center, will set up an... Read More...

FFIEC: Firms need to address Heartbleed vulnerability

The Federal Financial Institutions Examination Council said on Thursday that it expects firms to address a recently revealed OpenSLL vulnerability dubbed "Heartbleed." FFIEC said that financial institutions should upgrade systems and incorporate patches on systems and services, applications, and appliances that use OpenSSL  as soon as... Read More...

Tripwire gifts cybersecurity service to Penn State

Leading global risk-based security and compliance management solutions provider Tripwire, Inc., announced the gift of a cloud-based risk and analytics cybersecurity service on Thursday to the Center for Cyber Security, Information Privacy and Trust at Penn State’s College of Information Sciences and Technology. Penn State has valued the... Read More...

ACCA USA, Pace University convene cybercrime symposium

ACCA USA, the U.S. arm of the Association of Chartered Certified Accountants, and Pace University convened the second annual cybercrime symposium and panel discussion on April 3. “As our world becomes more connected than ever before, the threat of cybercrime has become a reality for far too many businesses, governments and individuals,”... Read More...

Regulators warn banks, credit unions of ATM cyberattacks

Financial regulators warned financial institutions on Wednesday that cyberattackers have recently targeted ATMs and card networks to gain access to funds and urged banks and credit unions to review security protocols to address the growing risks. The Federal Financial Institutions Examination Council, which includes the OCC, Federal Reserve,... Read More...

Sen. McCaskill: Policymakers need to clarify costs of data breaches

Sen. Claire McCaskill (D-Mo.) said last week in a hearing to examine the Target data breach that policymakers need to address confusion surrounding the costs of data breaches and how losses are absorbed. McCaskill, a member of the Senate Commerce, Science and Transportation Committee, which held the hearing last Wednesday, said companies... Read More...

Senate committee, witnesses support national data breach notification

Leaders from the Senate Commerce Committee and witnesses at a committee hearing on Wednesday expressed support for a national data breach notification standard aimed at protecting consumers’ personal data from cyberattacks. “A single federal standard would ensure all consumers are treated the same with regard to notification of data... Read More...

Survey: 44 percent of customer financial accounts compromised

A recent survey of professionals in the financial industry revealed that 44 percent of customer accounts at financial institutions have been compromised by data breaches, leading many institutions to alter their risk strategies to combat the rising number of cyberattacks. According to the survey, conducted by ACI Worldwide at BAI Payments... Read More...

Dell SecureWorks’ Multz: Banks must protect against social engineering

Jeff Multz, the director of midmarket North America at Dell SecureWorks, recently said that community banks need to protect against social engineering and associated risks. In the March/April edition of “The Texas Independent Banker,” a publication of the Independent Bankers Association of Texas, Multz said social engineering, in which... Read More...

Senate committees to hold hearings on cybersecurity

Two Senate committees will hear testimony from experts on Wednesday on cybersecurity and reducing risks to consumer data and national infrastructure. The Senate Homeland Security Committee will hold a hearing at 10 a.m. to examine ways to prevent attacks on the nation’s critical infrastructure. Witnesses will include Phyllis Schneck, the... Read More...

USAA warns of “card-popping” social media fraud scheme

The USAA Enterprise Security Group warned consumers last week of an emerging social media fraud scheme in which fraudsters solicit personal financial information, which they then use in mobile banking applications to commit fraud. The group began investigating the fraud, known as card popping, in December. In the new version of fraud similar to... Read More...

CHARGE Anywhere releases ComsGate E2E encryption solution

CHARGE Anywhere recently launched the ComsGate eCrypt solution—designed for the ISO/MSP channel—which allows merchants, developers and systems personnel to process card payments with end-to-end encryption. “Merchants, developers and integrators need a solution that will enable them to seamlessly achieve the highest level of... Read More...

Treasury’s Amir-Mokri stresses collective cybersecurity effort

Cyrus Amir-Mokri, the assistant secretary for financial institutions at the U.S. Treasury, stressed this week the importance of a collective cybersecurity effort with a partnership between the public and private sectors. “[I]t is important for the government to share information and provide technical assistance to the private sector,”... Read More...

Prelert reports expansion in demand for anomaly detection in big data

Anomaly detection firm Prelert announced on Monday record expansion going into 2014, driven in part by increased concerns regarding data breaches at retailers. Prelert said IT security was the most commonly cited case for use among new customers, accounting for 25 percent of new deployments during 2013. Other commonly cited use cases included... Read More...

Survey: Government should offer tax incentives to encourage NIST use

A recent survey by IT software company Tripwire showed 72 percent of security professionals believe the government should offer tax incentives to the private sector to encourage the adoption of the NIST cybersecurity framework. NIST introduced the new cybersecurity framework last month after President Obama issued an executive order to develop... Read More...

Report: Demand for cybersecurity professionals outpaces supply

A new report released by Burning Glass Technologies showed cybersecurity job postings have risen 74 percent since 2007, outpacing the growth of IT jobs overall, though the demand far exceeds the pool of qualified candidates. According to the report, cybersecurity postings remain open 24 percent longer than all IT jobs. In 2013, there were more... Read More...

MasterCard, Visa form cross-industry group on payments security

MasterCard and Visa announced on Friday a new cross-industry group aimed at enhancing the security of the U.S. payments system, with initial focus on the adoption of EMV chip technology, tokenization and point-to-point encryption. “One of the critical roles we play is to protect consumers and businesses against criminals and fraudsters,”... Read More...

NRF urges “holistic” approach to data security reform

The National Retail Federation urged Congress during a data security hearing on Wednesday to proceed with data breach reform in a “holistic fashion.” “[W]e should not be satisfied with deciding what to do after a data breach occurs—who to notify and how to assign liability,” the NRF said in an official statement. “Instead, it’s... Read More...

Lookingglass receives awards for ScoutVision cyber threat monitoring

Lookingglass Cyber Solutions announced on Tuesday that its ScoutVision cyber threat intelligence monitoring platform was named an award winner by Info Security Products Guide in the “Finance and Banking” and “Innovation in Enterprise Security” categories. “Being recognized in two categories by Info Security Products Guide is an honor... Read More...

House subcommittee to hold data security hearing

The House Financial Services Subcommittee on Financial Institutions and Consumer Credit will hold a hearing later this week on protecting Americans' sensitive information. The hearing, scheduled for 10 a.m. on March 5 at the Rayburn building, will include testimony from William Noonan, the deputy special agent in charge of criminal... Read More...

PSCU receives patent for CardLock fraud solution

PSCU announced earlier this week that it has received a patent for its CardLock fraud prevention solution—introduced in 2009—that allows cardholders to block and unblock card authorizations on cards registered with the service. “This patent validates CardLock as the first solution of its kind in the industry,” PSCU Chief Risk Officer... Read More...

Dell SecureWorks’ Multz: Small banks easier prey for cyberattackers

Jeff Multz, the director of North America midmarket sales at Dell SecureWorks, recently said that mistakes made by smaller banks make them more susceptible to cyberattacks. “Small banks often tell me, ‘We’re too small to matter,’ ‘We don’t store valuable data,’ and ‘Our core provider provides security,’” Multz said in... Read More...

Maryland policymakers sign NCCoE expansion, collaboration agreement

Legislators and policymakers met at the Maryland State House last week to sign an agreement that provides for the expansion of the National Cybersecurity Center of Excellence. NCCoE, a project of the National Institute of Standards and Technology’s Information Technology Laboratory, provides firms with cybersecurity solutions developed from... Read More...

NCUA’s Matz: Credit unions need to prepare for potential cyberattack

National Credit Union Administration head Debbie Matz said on Monday that the credit union system needs to be prepared for potential cyberattacks to protect members’ data and to satisfy regulatory authorities. “A data breach – even if it’s outside the financial system – can have enormous negative repercussions inside the financial... Read More...

McAfee to offer free full-feature Mobile Security app to iOS, Android users

Intel subsidiary McAfee announced on Monday the availability of a full-feature version of McAfee Mobile Security for iOS and Android consumers, available in 30 languages at no cost. The free version of the security app, launched as part of an Intel Corp. initiative to better integrate security into the customer experience, features enhanced... Read More...

« Previous Stories