As the financial services industry moves toward an ever-greater dependence on technology, we must always keep an eye on the future to ensure that any new technological advancement or implementation delivers the same, if not better, benefits and risk management capabilities. One emerging area that has garnered a lot of attention in recent years is Distributed Ledger Technology (DLT). While DLT holds great promise, there is currently no clear path around how to implement the technology in a way that addresses documented and evolving security risks.
Counterfeiters do not take time off. At its core, counterfeiting preys upon our vulnerabilities and takes advantage of the average customer at any cost. This is particularly true right now during the coronavirus pandemic, the most inconvenient and vulnerable moment in generations. In the midst of mass shortages and colossal demands for certain products, especially in the health field, the counterfeit community has seen a golden opportunity. Over the past few months, tens of millions of new counterfeit products have been seized or identified on the web. These include fraudulent face masks, ventilators, disinfectants and testing kits.
As consumers increasingly turn to online shopping for essential and non-essential goods while at home, fraudsters have adapted their technique to use more sophisticated tactics against consumers, banks and merchants.
The EDPB’s FAQs resolve some open questions, such as whether there will be a grace period for companies relying on Privacy Shield, but raise other questions, such as what “supplementary measures” companies need to put in place to use Standard Contractual Clauses and Binding Corporate Rules.
In the wake of the Court of Justice of the European Union’s Schrems II judgment, on July 23, 2020, the European Data Protection Board (EDPB) adopted a Frequently Asked Questions document to “provide initial clarification and give preliminary guidance to stakeholders on the use of legal instruments for the transfer of personal data to third countries, including the U.S.” The EDPB stated that the document will be updated, and further guidance provided, as it continues to examine and consider the judgment. The six-page FAQs provides the following guidance.
Though organizations have changed their IT environments to accommodate remote workers, 39 percent of respondents have not changed their security programs as a result of COVID-19, potentially exposing their organizations to cyber risks from new and more sophisticated attacks, reveals a new Crowdstrike report.
Zero Trust model creator John Kindervag puts it like this: “The point of Zero Trust is not to make networks, clouds, or endpoints more trusted; it's to eliminate the concept of trust from digital systems altogether.” He came up with the model in 2010, at a time when many businesses were just beginning to put foundational cybersecurity controls in place and over-relied on the assumed security inside their enterprise-owned network boundaries.
With telecommuting here to stay, now is the perfect time to re-examine just how much network access you are giving your users and machines. You might be shocked to see how open your network really is. Most organizations allow more access than their users or machines will ever need or should ever have – this excessive trust is what allows attackers who get into the network to spread and cause a lot of damage.
Global natural disaster events during 1H 2020 caused total economic losses estimated at $75 billion – 23 percent lower than the 2000-2019 average of USD98 billion, says Aon's Global Catastrophe Recap: First Half of 2020 report.
Honeypots were the first form of deception technology. IT security researchers started using them in the 1990s, with the intent to deceive malicious actors who had made it onto the network into interacting with a false system. In this way, honeypots could gather and assess the behavior of the malicious actors. They were not created for threat detection. However, things have changed a great deal in the years since honeypots were created – including deception technology.