Industry Hot News (6435)
On September 13, 2016, the New York State Department of Financial Services (DFS) released proposed cybersecurity regulations for financial institutions.1 When the regulations become effective, they will make New York the first state to implement mandatory cybersecurity requirements on financial institutions, though others are now likely to follow New York’s lead. The regulations are the culmination of several years of DFS interest in how financial services companies address cybersecurity issues. The regulations will be open for public comment for 45 days and are set to take effect on January 1, 2017.
The proposed regulations apply to all entities that are licensed or registered under New York banking, insurance or financial services laws, which include a broad array of institutions, such as: state-licensed banks, savings banks, insurance companies, private bankers, licensed lenders, mortgage companies and state-licensed offices of non-U.S. banks.2 Under the proposed regulations, covered institutions must appoint a chief information security officer3 and “[s]enior management must take this issue seriously and be responsible for the organization’s cybersecurity program and file an annual certification confirming compliance with these regulations.” In addition, the proposed regulations require covered entities to report to DFS within 72 hours any cybersecurity event “that has a reasonable likelihood of materially affecting the normal operation of the entity or that affects Nonpublic Information.”
A recent Bitglass survey of more than 500 IT professionals found that one in three respondents said their enterprise has experienced an insider attack in the last year, and fully 74 percent said their enterprise is vulnerable to insider threats.
Fifty-six percent of respondents said insider leaks have become more frequent in the past year.
Seventy-one percent said they're most concerned about inadvertent leaks resulting from the use of unsanctioned apps, unintended external sharing, and unsecured mobile devices. Sixty-eight percent are concerned about leaks resulting from negligence, and 61 percent are concerned about leaks caused by malicious insiders.
(TNS) - A marker line on the archway of a door in Vinyl Acres on East Patrick Street marks where 3 feet of water reached one year ago after a flood.
“It keeps us from exaggerating,” co-owner Martha Hull said of the water that was throughout the building.
The business, which sells used records, lost about $30,000 of inventory and was closed for a few weeks, but has recovered with the help of the community, she said. Vinyl Acres was one of several businesses damaged by heavy rain and flooding Sept. 29, 2015.
A simple business philosophy has largely guided Michael Cook in operating his Norwood, Mass., managed services provider (MSP).
“It’s kind of common sense,” said the CEO and founder of 17-year-old Corporate IT Solutions (CITS). “I never had a lot of advice or consulting.”
That changed last year, when Cook felt he could no longer stand by in the face of some worrying and pervasive trends.
If you were one of the 500 million who were affected by the Yahoo breach (and I’m right there with you), you have something in common with the top 1,000 companies in the Forbes Global 2000 list. According to research conducted by Digital Shadows, 97 percent of organizations have breached credentials publicly available online, with a median average of 706 credentials per organization. This information is regularly sold, traded, or shared by the hackers, even years after the initial breach occurs. As the report stated:
As a result, the number of compromised credentials that are available online is staggering, providing a goldmine for attackers. With this in mind, it is unsurprising that one report claimed that breached credentials were responsible for 63 percent of data breaches.
These credentials, like passwords and other authentication data, open the door for more damage, the report stated, saying that threat actors will use that information to take over accounts, extort specific individuals within the company, and turn computers into botnets.
(TNS) - Tropical Storm Matthew is gaining strength while moving into the Caribbean Sea and could become a hurricane later today, forecasters say.
It's too soon to tell what impact Matthew might have on Florida as its path is still fairly uncertain, but local forecasters say they'll be watching this weekend.
An Air Force Reserve Hurricane Hunter plane flew into the storm this morning and found maximum sustained winds of 70 mph, according to the National Hurricane Center in Miami. Winds need to reach 74 mph for Matthew to be upgraded to a hurricane.
We’d like to think we’d know what to do in an emergency, but studies show many Americans are not as prepared as they think they are. If we, as private citizens, haven’t prepared our homes and families for emergencies, how can we expect our employers to have a plan in place?
Preparing your home for an emergency is quite different from preparing your workplace. We assume our managers and executives have some sort of plan in the books, right? Maybe the answer is in a poll that revealed more than half of Americans assume local authorities will come to their rescue when disaster strikes, whether at home or in the office. If you’re a business owner or have a management role, particularly related to security, maybe it’s time to look at mass notification software as part of an emergency plan.
(TNS) — Missouri’s Department of Health and Senior Services is developing a statewide plan for handling the Zika virus, despite federal aid being held up until late Wednesday to assist states in fighting the possibility of an outbreak.
After months of political wrangling, Congress late Wednesday passed a short-term resolution keeping the government open at current spending levels into the new fiscal year, which begins on Saturday, averting a potential shutdown. It includes funding for states to fight the Zika virus and the mosquitoes that carry it.
Zika is a mosquito-borne virus linked to birth defects, putting pregnant women in particular at risk. Many with the virus aren’t aware they have it. In 20 percent of cases, the virus causes mild symptoms of fever, joint pain and pink eye.
The Business Continuity Institute - Sep 30, 2016 15:14 BST
Irish businesses can expect to wait an average of 40 hours to recover mission critical data that has been lost. That is according to a new study carried out by Datapac, which looked at how organizations are managing the increasing demands placed on their technology infrastructures and business continuity systems.
Datapac’s research found that the amount of data being stored by organizations has increased by an average of 37% over the past year. Despite this rapid growth in data volumes, 26% of Irish businesses surveyed admit they never carry out disaster recovery tests to ensure their data back-ups are recoverable.
It is alarming that over a quarter of businesses do not carry out tests as the only other way of finding out whether or not their processes work is during a crisis. This is clearly a bad time to find out that they don't.
The Cyber Resilience Report, published by the Business Continuity Institute, revealed that two-thirds of organizations experienced a cyber security incident during the previous year and 15% experienced at least 10. This shows that the cyber threat is very real and organizations must take it seriously. This means making sure processes are in place to ensure that data can be recovered quickly and that those processes are tested to make sure that they work.
Karen O’Connor, general manager service delivery at Datapac, commented: “The average length of time to recover mission critical data is unacceptably long at 40 hours. Delays of this magnitude will cause significant financial and reputational damage for most businesses in Ireland. Another worrying finding is that more than a quarter of businesses never carry out tests on their disaster recovery capabilities.”
Earlier this month, I wrote a post about Stefan Weitz, a former Microsoft exec who left that company after 17 years to embark on a mission to help online retailers thrive, despite having the dominance of Amazon perpetually looming over them. In this follow-up post, I want to drill down on the vehicle he chose to accomplish that.
That vehicle is Radial, an omnichannel order management system provider in King of Prussia, Pa. Weitz serves as Radial’s chief product and strategy officer, and in my recent interview with him I raised the topic of a Forrester report, released in July, that included some findings that warranted a response from Radial. This follow-up post focuses on that response.
I kicked off this portion of the interview by noting that in its Forrester Wave Omnichannel Order Management report for Q3 2016, the research firm listed IBM and Manhattan Associates as the two omnichannel order management providers in its “Leaders” category, with Radial in a second-tier “Strong Performers” category that includes Oracle, SAP, and NetSuite. So I asked Weitz what Radial needs to do to break away from that pack and get into the “Leaders” category. He initially responded by distinguishing Radial from IBM and Manhattan: