FTC Strengthens Data Security: What The Newest Safeguards Rule Amendment Means For Financial Institutions
In 1999, Congress passed the Gramm-Leach-Bliley Act, which requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data. The Act mandated the passage of the Safeguards Rule, which was promulgated by the Federal Trade Commission (FTC) in May 2002 and made effective May 2003. In 2019, the FTC began working on amendments to the Safeguards Rule, and on December 9, 2021, the FTC finalized these amendments. Depending on the classification of their financial institution, clients will need to understand the following rule changes and properly abide by the new FTC regulations.
Topics: Cybersecurity, Penetration Testing, Risk Assessment, Banking, Financial Institutions
Cybersecurity is one of the main factors to incorporate into your organization’s recession planning. One notorious online cybercriminal group, the Cobalt Cybercrime Gang, has been operating since 2013, completing over 100 heists totaling over EUR 10 billion in losses to the European financial industry. In a time when attackers are highly motivated and financial and reputational losses can have significant effects, it is crucial to have a clear picture and action plan regarding your cybersecurity posture.
With new threats emerging daily, it is essential to identify and address technical and operational risks proactively. Ensuring reliable and uninterrupted function of your operations during an incident means preparing for, protecting against, responding to, and recovering from a cyberattack.
A recession can occur unexpectedly with little to no warning and leave companies vulnerable to opportunistic and persistent threat actors. The two-fold impact of an economic downturn would be that companies reduce spending, often cybersecurity spending, and highly skilled individuals across the globe become desperate for income, possibly turning to “black hat” or malicious hacking. Successful cyberattacks lead to significant financial and reputational losses. Businesses need a mature cybersecurity program that is resilient to today’s complex and often uncertain threat environment.
Topics: Cybersecurity, vulnerability assessment, Penetration Testing, Incident Response, vCISO, Recession
Topics: Penetration Testing
How does a new application transition from being theoretically secure to real-world secure? Security controls are necessary, but it’s even more important to ensure they are implemented, enforced, and hardened correctly before the application is exposed to the internet. Start with an Application Penetration Test to reveal the most critical areas for improvement and outline a clear path to securing those vulnerabilities. This assessment is performed similarly to an External & Internal Network Penetration Test; an ethical (white hat) hacker scours your site (or network) for low-hanging fruit and hidden weaknesses, so you can put up the right defenses before the hackers in the wild have a chance to attack!
Topics: Penetration Testing
As a cybersecurity engineer and an unapologetically enthusiastic “web guy,” I have both a personal and professional interest in finding new exploitation methods. Recently, I found an interesting and creative way to control a browser by exploiting a cross-site scripting (XSS) vulnerability. I learn by doing, so I executed the concept to see it work in practice. Without spoiling too much, I was very pleased with the results! This attack uses nothing more than Netcat and some clever XSS injection code. For those unfamiliar with Netcat, it’s a networking utility that reads and writes data across network connections.
Topics: Network Security, Data Protection, Penetration Testing, hacking