When it comes to cybersecurity, banking is one of the most highly regulated industries, with multiple checks and failsafe steps put in place to ensure the highest possible level of protection. And while industry as well as government regulations include extensive, rigorous assessments, compliance alone does not suffice. Financial institutions simply must take the extra steps beyond compliance to ensure that their network and clients’ information are protected from cyber threats. On February 22nd, Network Box USA and ReliableIT hosted a Lunch & Learn for financial institutions at Maggiano’s Little Italy in Houston. This casual gathering was aimed at discussing compliance and cybersecurity. Attendees enjoyed a family-style Italian meal, as Nikki Almazan, Banking Compliance Expert from ReliableIT, talked at length about the threat landscape for banks and credit unions. She also touched on CAT, the Cybersecurity Assessment Tool, put forth by the FFIEC. After the presentation, Pierluigi Stella, CTO of Network Box USA, opened the floor for a roundtable discussion that included hot topics such as ransomware and web application security. He also, of course, circled …
In this concluding post on the topic of Spear Phishing, allow me to share something which happened to one of our clients last week.
Cybersecurity experts from Network Box USA, Proficio and Securonix commented on news that a 2012 breach of LinkedIn member information was much larger than originally reported, and that the data is available for purchase online.
This year is notable on multiple fronts: It’s the conference’s 25th anniversary, parts of the Moscone Center are being demolished and rebuilt – thus displacing some of the conference – while attendance is on track to reach peak levels. Indeed, the organizers predict that they will see more than 40,000 attendees this year.
It’s especially important to highlight that when you put in a government mandated backdoor, the only ones affected are those who really have nothing to hide.
The general issue of security needs to be put into proper perspective – anything made by humans can, and will be, broken by humans; and in reality, those who break always have an advantage – they’re working with something that exists, and have the luxury of time to try and figure out how to break it.
The Apple story is indeed surprising in two different ways. First, the hackers changed the libraries for the Apple API in such a way that it wasn’t possible to distinguish them from the original ones. Then Apple had to miss that these apps were delivering malware, which is unusual given the very strict procedures they undergo before an app is admitted to their store.