Tag Archive for: Organizations

Computer-Security Incident Rule Creates New Notification Requirements for Banking Organizations and Bank Service Providers | Steptoe & Johnson PLLC

On November 18, 2021, the Federal Deposit Insurance Corporation (FDIC), the Board of Governors of the Federal Reserve System (FRB), and the Office of the Comptroller of the Currency (OCC) issued a joint final rule (the “Computer-Security Incident Rule” or the “Final Rule”) establishing computer-security notification requirements for banking organizations and their bank service providers. The Final Rule, which has an effective date of April 22, 2022, and a mandatory compliance date of May 1, 2022, contains two major components.


First, a “banking organization” must notify its primary federal regulator of any “computer-security incident” that rises to the level of a “notification incident” no later than 36 hours after the banking organization determines the notification incident has occurred. Second, a “bank service provider” must notify each affected banking organization customer as soon as possible of a “computer-security incident” that has caused, or is reasonably likely to cause, a material service disruption or degradation for four or more hours. The purpose of the Computer-Security Incident Rule’s notification requirements is to provide earlier awareness of emerging threats to banking organizations and the broader financial system.


The Final Rule defines a “computer-security incident” as an occurrence that, “(i) results in actual or potential harm to the confidentiality, integrity, or availability of an information system or the information that the system processes, stores, or transmits; or (ii) constitutes a violation or imminent threat of violation of security policies, security procedures, or acceptable use policies.”


A “computer-security incident” that would rise to the level of a “notification incident” triggering the Final Rule’s notification requirements includes, but is not limited to:

  • A ransomware or malware attack that encrypts a core banking system or backup data;
  • A large scale distributed denial of service attack that disrupts customer account access for an extended period of time;
  • A failed system upgrade or change that results in widespread user outages for customers and banking organization…


Hackers have breached organizations in defense and other sensitive sectors, security firm says

[Photo: an iPhone, Washington, Feb. 17, 2016 (Carolyn Kaster). Caption: “Turn Off, Turn On: Simple Step Can Thwart Top Phone Hackers.” At a time of widespread digital insecurity it turns out that the oldest and simplest computer fix there is, turning a device off then back on again, can thwart hackers from stealing information from smartphones.]

(CNN) — Suspected foreign hackers have breached nine organizations in the defense, energy, health care, technology and education sectors — and at least one of those organizations is in the US, according to findings that security firm Palo Alto Networks shared exclusively with CNN.

With the help of the National Security Agency, cybersecurity researchers are exposing an ongoing effort by these unidentified hackers to steal key data from US defense contractors and other sensitive targets.

It’s the type of cyber espionage that security agencies in both the Biden and Trump administrations have aggressively sought to expose before it does too much damage. The goal in going public with the information is to warn other corporations that might be targeted and to burn the hackers’ tools in the process.

Officials from the NSA and the US Cybersecurity and Infrastructure Security Agency (CISA) are tracking the threat. A division of the NSA responsible for mitigating foreign cyber threats to the US defense industrial base contributed analysis to the Palo Alto Networks report.

In this case, the hackers have stolen passwords from some targeted organizations with a goal of maintaining long-term access to those networks, Ryan Olson, a senior Palo Alto Networks executive, told CNN. The intruders could then be well placed to intercept sensitive data sent over email or stored on computer systems until they are kicked out of the network.

Olson said that the nine confirmed victims are the “tip of the spear” of the apparent spying campaign, and that he expects more victims to emerge. It’s unclear who is responsible for the activity, but Palo Alto Networks said some of the attackers’ tactics and tools overlap with those used by a suspected Chinese hacking…


How Healthcare Organizations Can Keep Active on Email Security


The IT staff implemented Forcepoint’s email security gateway in a hybrid cloud and on-premises configuration. When incoming email arrives, Forcepoint in the cloud first scans and blocks spam, viruses, malware and phishing attacks. Emails deemed safe are then sent to MRHC’s on-premises Forcepoint virtual appliance, which performs another security scan to look for issues such as spoofed email headers, he says.

As a precaution, the appliance adds an external email warning in the subject line for emails from outside the organization. “It notifies the recipient to use extreme caution when opening attachments or links,” Chelmowski says.

In addition, Forcepoint’s Secure Web Gateway tool inspects links and stops users from going to malicious sites, while Forcepoint’s DLP software checks to ensure that users do not accidentally expose sensitive information in email or on websites. “If they are on a webpage and try to enter something sensitive, it can alert them,” Chelmowski says.

An email encryption virtual appliance doubles as another DLP tool, checking outbound email for protected health information. If found, it automatically encrypts the email before sending it.


If malicious emails somehow get through the Forcepoint technology, MRHC’s traditional on-premises security tools, such as firewalls and anti-virus desktop software, defend against threats. A security information and event management tool also aggregates logs from network and security devices to look for malicious activity.

“We try to limit the threat landscape as much as we can,” Chelmowski says.

Healthcare Cybersecurity Defense in Depth

The reliance on digital communication has grown during the pandemic for the Moffitt Cancer Center in Tampa, Fla., a 7,500-employee nonprofit with five core clinical locations and a cancer research facility. Securing email is a top priority, says Cybersecurity Operations Manager Hugh Percy.

The organization scans emails three times before they reach users: with the cloud-based Mimecast Secure Email Gateway, a next-generation firewall with an…


Basic Preventative Steps for Organizations

The Information Technology Laboratory (ITL) at the National Institute of Standards and Technology (NIST) recently issued a Ransomware Profile* identifying steps organizations can take to prevent, respond to and recover from ransomware events**. According to the profile, its “purpose…is to help organizations identify and prioritize opportunities for improving their security and resilience against ransomware attacks.” NIST encourages organizations to use the document as a guide for profiling the state of their own readiness and to identify gaps to achieve their goal.


Modeled on NIST’s Cybersecurity Framework Version 1.1, the profile provides practical guidance to organizations to protect against the ransomware threat, including the following “basic preventative steps”:

  • Use antivirus software at all times;

  • Keep computers fully patched, including scheduled checks and installation of patches “as soon as feasible”;

  • Segment networks;

  • Continuously monitor directory services (and other primary user stores) for indicators of compromise or active attack;

  • Use products or services to block access to server names, IP addresses, or ports and protocols that are known to be malicious or suspected to be indicators of malicious system activity;

  • Allow only authorized applications—including establishing processes for reviewing, adding or removing authorized applications—on an allowlist;

  • Use standard user accounts versus accounts with administrative privileges whenever possible;

  • Restrict personally owned devices on work networks;

  • Avoid using personal apps—like email, chat and social media—from work computers;

  • Educate employees about social engineering; and

  • Assign and manage credential authorization for all enterprise assets and software, and periodically verify that each account has the appropriate access only.

The profile outlines steps that organizations “can take now” to help recover from a future ransomware event, including:

  • Develop and implement an incident recovery plan that has defined roles and strategies for…