On September 13, 2016, the New York State Department of Financial Services (DFS) released proposed cybersecurity regulations for financial institutions. When the regulations become effective, they will make New York the first state to implement mandatory cybersecurity requirements on financial institutions, though others are now likely to follow New York’s lead. The regulations are the culmination of several years of DFS interest in how financial services companies address cybersecurity issues. The regulations will be open for public comment for 45 days and are set to take effect on January 1, 2017.
The proposed regulations apply to all entities that are licensed or registered under New York banking, insurance or financial services laws, which include a broad array of institutions, such as: state-licensed banks, savings banks, insurance companies, private bankers, licensed lenders, mortgage companies and state-licensed offices of non-U.S. banks. Under the proposed regulations, covered institutions must appoint a chief information security officer and “[s]enior management must take this issue seriously and be responsible for the organization’s cybersecurity program and file an annual certification confirming compliance with these regulations.” In addition, the proposed regulations require covered entities to report to DFS within 72 hours any cybersecurity event “that has a reasonable likelihood of materially affecting the normal operation of the entity or that affects Nonpublic Information.”
A recent Bitglass survey of more than 500 IT professionals found that one in three respondents said their enterprise has experienced an insider attack in the last year, and fully 74 percent said their enterprise is vulnerable to insider threats.
Fifty-six percent of respondents said insider leaks have become more frequent in the past year.
Seventy-one percent said they're most concerned about inadvertent leaks resulting from the use of unsanctioned apps, unintended external sharing, and unsecured mobile devices. Sixty-eight percent are concerned about leaks resulting from negligence, and 61 percent are concerned about leaks caused by malicious insiders.
(TNS) - A marker line on the archway of a door in Vinyl Acres on East Patrick Street marks where 3 feet of water reached one year ago after a flood.
“It keeps us from exaggerating,” co-owner Martha Hull said of the water that was throughout the building.
The business, which sells used records, lost about $30,000 of inventory and was closed for a few weeks, but has recovered with the help of the community, she said. Vinyl Acres was one of several businesses damaged by heavy rain and flooding Sept. 29, 2015.
A simple business philosophy has largely guided Michael Cook in operating his Norwood, Mass., managed services provider (MSP).
“It’s kind of common sense,” said the CEO and founder of 17-year-old Corporate IT Solutions (CITS). “I never had a lot of advice or consulting.”
That changed last year, when Cook felt he could no longer stand by in the face of some worrying and pervasive trends.
If you were one of the 500 million who were affected by the Yahoo breach (and I’m right there with you), you have something in common with the top 1,000 companies in the Forbes Global 2000 list. According to research conducted by Digital Shadows, 97 percent of organizations have breached credentials publicly available online, with a median average of 706 credentials per organization. This information is regularly sold, traded, or shared by the hackers, even years after the initial breach occurs. As the report stated:
As a result, the number of compromised credentials that are available online is staggering, providing a goldmine for attackers. With this in mind, it is unsurprising that one report claimed that breached credentials were responsible for 63 percent of data breaches.
These credentials, like passwords and other authentication data, open the door for more damage, the report stated, saying that threat actors will use that information to take over accounts, extort specific individuals within the company, and turn computers into botnets.
We’d like to think we’d know what to do in an emergency, but studies show many Americans are not as prepared as they think they are. If we, as private citizens, haven’t prepared our homes and families for emergencies, how can we expect our employers to have a plan in place?
Preparing your home for an emergency is quite different from preparing your workplace. We assume our managers and executives have some sort of plan in the books, right? Maybe the answer is in a poll that revealed more than half of Americans assume local authorities will come to their rescue when disaster strikes, whether at home or in the office. If you’re a business owner or have a management role, particularly related to security, maybe it’s time to look at mass notification software as part of an emergency plan.
(TNS) - Tropical Storm Matthew is gaining strength while moving into the Caribbean Sea and could become a hurricane later today, forecasters say.
It's too soon to tell what impact Matthew might have on Florida as its path is still fairly uncertain, but local forecasters say they'll be watching this weekend.
An Air Force Reserve Hurricane Hunter plane flew into the storm this morning and found maximum sustained winds of 70 mph, according to the National Hurricane Center in Miami. Winds need to reach 74 mph for Matthew to be upgraded to a hurricane.
(TNS) — Missouri’s Department of Health and Senior Services is developing a statewide plan for handling the Zika virus, despite federal aid being held up until late Wednesday to assist states in fighting the possibility of an outbreak.
After months of political wrangling, Congress late Wednesday passed a short-term resolution keeping the government open at current spending levels into the new fiscal year, which begins on Saturday, averting a potential shutdown. It includes funding for states to fight the Zika virus and the mosquitoes that carry it.
Zika is a mosquito-borne virus linked to birth defects, putting pregnant women in particular at risk. Many with the virus aren’t aware they have it. In 20 percent of cases, the virus causes mild symptoms of fever, joint pain and pink eye.
SANTA CLARA, Calif. – Maxta Inc., a leading provider of software-based hyperconvergence, today announced the general availability of a free download of its award-winning MxSP® software for qualified organizations in the U.S., Canada and select European countries. The free download is made available through the company’s freemium licensing model, an industry first in the hyperconverged infrastructure (HCI) segment. The recently introduced licensing model offers a simpler, more economical approach for enterprises to evaluate, test and quickly deploy HCI in their IT environments. Approved registrants will receive a perpetual, transferable license to a fully-featured version of Maxta® MxSP software free of charge, enabling them to configure and deploy a three-node HCI cluster with a maximum storage capacity of 24 terabytes.
The company also announced the introduction of the Maxta Community, an online site for registered users of MxSP software and MaxDeploy® appliances. The new site provides a forum for users to ask questions, seek expert advice from Maxta, engage with peers and access self-help resources. Users may register for site membership at community.maxta.com.
MxSP software helps IT teams of any size transform their complex and costly virtualized infrastructure into an agile, efficient architecture by converging traditionally separate compute and storage tiers. The result is dramatically simpler management and significant cost savings by eliminating the need for expensive and complicated storage area networks and storage arrays.
Maxta software-based HCI solutions offer unparalleled freedom of choice in servers, storage and virtualization platforms, eliminating expensive vendor lock-in and creating much greater flexibility than hardware-centric HCI appliances. MxSP-enabled clusters can support any x86-based server including all-flash or hybrid storage configurations. Clusters may be scaled up or scaled out in increments as small as a single storage device or server at a time. Compute-only nodes may also be added to scale computing power independently of storage capacity.
“Since announcing our freemium hyperconvergence licensing model just a month ago we have received hundreds of advance registrations from organizations of all types and sizes,” said Yoram Novick, founder and chief executive, Maxta Inc. “This demand underscores the strong interest and need for a simpler, faster and less expensive way to evaluate, test and deploy hyperconverged infrastructure without complicated transitions from the lab to the production environment.”
Free MxSP licenses may be non-disruptively upgraded to a premium license, enabling unlimited capacity scaling and the ability to add additional server nodes. Premium licenses include full software maintenance, product enhancements and access to 7X24 Maxta support. MxSP software licenses may be transferred without additional charge, offering significant lifetime value by eliminating the need to pay again for software when replacing or upgrading server technology.
To register for a free MxSP license, please visit www.maxta.com or contact Maxta at 1-844-44-MAXTA.
About Maxta
Maxta is redefining enterprise IT infrastructure through a groundbreaking approach to hyperconvergence that dramatically simplifies operations while delivering much greater agility and cost savings. Our award-winning MxSP software and MaxDeploy® appliances offer unparalleled freedom of choice in servers, storage devices and server virtualization platforms, while eliminating the need for complex and costly storage arrays. For more information, visit us at www.maxta.com or follow us on Twitter @MaxtaInc and LinkedIn.
The Business Continuity Institute - Sep 30, 2016 15:14 BST
Irish businesses can expect to wait an average of 40 hours to recover mission critical data that has been lost. That is according to a new study carried out by Datapac, which looked at how organizations are managing the increasing demands placed on their technology infrastructures and business continuity systems.
Datapac’s research found that the amount of data being stored by organizations has increased by an average of 37% over the past year. Despite this rapid growth in data volumes, 26% of Irish businesses surveyed admit they never carry out disaster recovery tests to ensure their data back-ups are recoverable.
It is alarming that over a quarter of businesses do not carry out tests as the only other way of finding out whether or not their processes work is during a crisis. This is clearly a bad time to find out that they don't.
The Cyber Resilience Report, published by the Business Continuity Institute, revealed that two-thirds of organizations experienced a cyber security incident during the previous year and 15% experienced at least 10. This shows that the cyber threat is very real and organizations must take it seriously. This means making sure processes are in place to ensure that data can be recovered quickly and that those processes are tested to make sure that they work.
Karen O’Connor, general manager service delivery at Datapac, commented: “The average length of time to recover mission critical data is unacceptably long at 40 hours. Delays of this magnitude will cause significant financial and reputational damage for most businesses in Ireland. Another worrying finding is that more than a quarter of businesses never carry out tests on their disaster recovery capabilities.”