What NY CRR 500 Means for Vendor Compliance Management

by Sarah Harvey / December 16, 2022

NY CRR 500 and Vendor Compliance In March 2017, the New York State Department of Financial Services Cybersecurity Requirements Regulation for Financial Services Companies Part 500 (NY CRR 500) of Title 23 went into effect, establishing new cybersecurity requirements for financial services companies. NY CRR 500 requires that financial services companies (covered entities) develop a cybersecurity program that protects the confidentiality, integrity, and availability of sensitive customer information and information…

7 Deadly Breaches of 2018 (So Far)

by Sarah Harvey / December 16, 2022

With the complexity of the current threat landscape, organizations must be more alert than ever to potential data breaches. Who will be next? What happened? What will the fine be? While we’re only midway through 2018, we’ve seen headline after headline from organizations who have come forward to notify their customers of breaches. Let’s a take look at some of the top data breaches of 2018 to learn what went…

PCI DSS Update: Version 3.2.1 Released

by Sarah Harvey / December 16, 2022

On February 1, 2018, nine new PCI DSS requirements went into effect. Four months later, the PCI Security Standards Council (SSC) published a minor revision to the PCI DSS. PCI DSS v3.2.1 replaces v3.2 and addresses effective dates and Secure Socket Layer (SSL)/early Transport Layer Security (TLS) migration deadlines that have passed. Though PCI DSS v3.2.1 does not introduce any new requirements, let’s discuss the minor revisions made, when they…

[24]7.ai Cyber Incident: How Your Vendors Can Impact Your Security

by Sarah Harvey / December 16, 2022

Vendor Compliance Management: What Happened? On April 4th, [24]7.ai, a customer support software company, announced a cyber incident “potentially affecting the online customer payment information of a small number of our client companies,” that occurred between September 26 and October 12, 2017. This cyber incident specifically occurred in [24]7.ai’s chat tool. Never heard of [24]7.ai? We hadn’t either, but their well-known clients gave this breach national attention. Sears, Delta Air…

Ransomware Alert: Lessons Learned from the City of Atlanta

by Sarah Harvey / December 20, 2022

What Happened in Atlanta? On March 22, the City of Atlanta suffered from an incredibly damaging ransomware attack from SamSam. Multiple types of applications, including internal and customer-facing applications that allow bill payment and access court-related documents, were compromised. For over a week, a cross-functional incident response team made up of the FBI, Department of Homeland Security, Microsoft, Cisco Security, and Dell SecureWorks have been working to find a resolution. In…