Craig Carpenter Quoted on New Cybersecurity Rules in Financial Industry

| April 26, 2016

article image
Craig Carpenter was quoted in a Bloomberg BNA Banking Daily article discussing the New York Department of Financial Services’ potential new cybersecurity reporting requirements. In the article, Craig states that “many of the issues raised in the DFS letter, such as requiring a written cybersecurity plan or expectations from vendors, are already covered by state or federal regulations.”  He further notes that “New York's early proposals go a step beyond many of the existing, vague regulations to require specific cybersecurity ‘best practices’ by including, for example, detailed descriptions of the required contents of a company's cybersecurity policy and vendor agreements and requiring encryption of data at rest and specific penetration and vulnerability testing requirements.” According to Craig, “the biggest impact may not be on financial institutions that are used to being regulated but the potential for this trend in specific cybersecurity requirements bleeding over into other industries that are not as accustomed to regulatory oversight.

Spotlight

Microland Limited

Microland is India's first Hybrid IT Infrastructure Services provider and a trusted partner to enterprises in their IT-as-a-Service journey. Incorporated in 1989 and headquartered in Bangalore, India, Microland has 2,700+ professionals across its offices in Europe,Middle East, North America and India. Microland has been rated amongst the Top 10 Infrastructure Management Providers by Global Services, Microsoft’s Best Indian Infrastructure Partner for the 8th consecutive year, Major Contender in IT Infrastructure Services & Emerging Player in Cloud Infrastructure Services by Everest Group, one of the leading service providers in Remote Network & Voice Infrastructure Management Services by Gartner, ranked amongst the Top 20 Global Cloud Computing Companies by CIO Review and the Top 20 Remote Infrastructure Management Vendors by the Black Book of Outsourcing.

OTHER ARTICLES

EMAIL SECURITY CONCEPTS THAT NEED TO BE IN YOUR EMAIL INFOSEC POLICY

Article | June 16, 2021

Compliance requirements have become more complex because of the continual evolution of security threats and vulnerabilities. Many organizations fail to create an extensive security program to cover their challenges. Emails are one of the most susceptible channels for cyber-criminals to operate. This is why every organization must pay keen attention to email security policies in cybersecurity. Because emails are prone to cyberattacks, enterprises and individuals must take critical measures to secure their email accounts against unauthorized access. Malicious actors use phishing to trick recipients into sharing sensitive information, either by impersonating trusted contacts or legitimate business owners. Email is still one of the most vulnerable avenues for hackers and cyber crooks. Here are the critical email security concepts that need inclusion into your information security policy.

Read More

What Is Mac Malware, How It Penetrates Your Device, and How to Get Rid of It

Article | November 25, 2020

I would like to share my experience with you and talk about viruses created for Mac devices and how to deal with them. You may say that there are no Mac viruses as Apple does not allow it. However, I may say that there are plenty of nasty malware types like adware that open new tabs in your browser, redirect you to irrelevant pages and show numerous popups. Yes, these are not real viruses. Adware like Search Marquis cannot clone itself and infect other connected devices. It cannot encrypt your files or cause any other harm. Its activity is related only to web redirects and excessive advertising. At the same time, who knows which rogue websites adware may land you on next time. It may happen that you end up on a phishing website where cyber crooks harvest personal information that leads to identity theft. Fake antiviruses I strongly recommend removing all adware that penetrated your device. But there is a problem here. If you want to get rid of Mac adware, you cannot quickly find a solution. If you go to google and search there how to get rid of Mac malware, you will see that all top results offer you to buy and install some shady software. In reality, these Mac antiviruses do nothing, as we know that the Apple ecosystem does not allow apps to access other apps' data. No antivirus can really scan and check your files. How to remove Mac malware Solution 1: If your system is infected with adware and you do not know how to get rid of it, you may try to call Apple and ask what to do. You can find their phone number here: support.apple.com/en-gb/HT201232#us-ca. Solution 2: Another option is to try your luck on Apple communities. Thousands of tech enthusiasts help uses with their problems there. Here is a sample thread: discussions.apple.com/thread/8226644. Solution 3: There are other options too. Apple operating systems are not very difficult to use, and any person can remove adware manually by going through step-by-step guides posted on numerous malware removal websites. Here is a guide by BitAdvisors.com on how to remove Search Marquis malware. Most rogue software works by exploiting bugs and vulnerabilities in your computer's operating system. And macOS has its own bugs too. To fix these vulnerabilities, Apple periodically releases operating system updates. To date, macOS has not proved attractive enough for cybercriminals and evil developers to flood it with malware. Protection tips To stays away from any surprises, it is recommended to update your OS as well as all apps installed regularly. You should never install apps from unofficial app stores not controlled by Apple. One of the ways for adware to penetrate your Mac computer is through bundled installs. You download and install a very useful app that is often free, but in reality, you get several apps. People never read user agreements written in small print. There it can be noted that you agree to install additional tools and provide some rights to them. Whenever you install something, be careful and read user agreements, and do not miss additional unnecessary software. Do not install any software without urgent necessity. Any additional software widens the attack surface. To be able to do bad things, current Mac malware requires users to perform some actions – grant rights. So, be careful with allowing any app to access your data, change settings, etc. One more wise move is to make backups. iCloud or ordinary flash drives will help you not lose your data in case of a system glitch or malware attack. Final advice - do use VPNs. Your connection will be encrypted, and attackers will not be able to find where you are actually located or what data your traffic consists of.

Read More

A COVID-19 Cybersecurity Poll: Securing a Remote Workforce

Article | March 17, 2020

As the coronavirus pandemic continues to sweep the globe, and cities and states impose social-distancing measures, businesses are sending their users home to work. And this massive, unprecedented shift to distance working brings with it a whole new set of cybersecurity challenges. For instance, a lack of IT resources can bite many organizations as they move to enable remote strategies. And when workers and students are sent outside the normal perimeter, managing device sprawl, and patching and securing hundreds of thousands of endpoints, becomes a much a bigger challenge. Threatpost editors wanted to learn more about challenges and best practices from the IT and security professionals on the front lines of this. Please take a few minutes to take the Threatpost poll. The answers will be collected the results will be published in an article later this week.

Read More

Creating and rolling out an effective cyber security strategy

Article | April 16, 2021

What’s more, organisations should also keep in mind that prevention alone is not enough; according to IBM, the average breach detection and containment times currently sits in the region of 280 days. In this time, it’s easy for cyber attackers to gain a foothold in an environment and quickly cause damage. “When developing a cyber security strategy, traditionally enterprises have focused on the threat prevention with little attention given to detection and often none to response,” said Martin Riley, director of managed security services at Bridewell Consulting.

Read More

Spotlight

Microland Limited

Microland is India's first Hybrid IT Infrastructure Services provider and a trusted partner to enterprises in their IT-as-a-Service journey. Incorporated in 1989 and headquartered in Bangalore, India, Microland has 2,700+ professionals across its offices in Europe,Middle East, North America and India. Microland has been rated amongst the Top 10 Infrastructure Management Providers by Global Services, Microsoft’s Best Indian Infrastructure Partner for the 8th consecutive year, Major Contender in IT Infrastructure Services & Emerging Player in Cloud Infrastructure Services by Everest Group, one of the leading service providers in Remote Network & Voice Infrastructure Management Services by Gartner, ranked amongst the Top 20 Global Cloud Computing Companies by CIO Review and the Top 20 Remote Infrastructure Management Vendors by the Black Book of Outsourcing.

Events