Tag Archive for: Trade

Federal Trade Commission publishes final updated Safeguards Rule | Thompson Coburn LLP


On October 27, 2021, the Federal Trade Commission (“FTC”) announced significant updates to the Safeguards Rule. The FTC asked for comments on the Rule in 2019 and held a public workshop on the Rule in 2020. The Final Rule was published in the Federal Register on December 9, 2021. The Rule is effective on January 10, 2022; however, most of the substantive provisions of the Rule take effect a year from the publication date.

Per the final rule summary, the amended Rule contains five primary changes:

  • “First, it adds provisions designed to provide covered financial institutions with more guidance on how to develop and implement specific aspects of an overall information security program, such as access controls, authentication, and encryption. 
  • Second, it adds provisions designed to improve the accountability of financial institutions’ information security programs, such as by requiring periodic reports to boards of directors or governing bodies. 
  • Third, it exempts financial institutions that collect less customer information from certain requirements. 
  • Fourth, it expands the definition of ‘financial institution’ to include entities engaged in activities that the Federal Reserve Board determines to be incidental to financial activities. This change adds ‘finders’ – companies that bring together buyers and sellers of a product or service – within the scope of the Rule. 
  • Finally, the Final Rule defines several terms and provides related examples in the Rule itself rather than incorporate them by reference from the Privacy of Consumer Financial Information Rule (‘Privacy Rule’).”

Substantively, the amended Rule generally follows the approach outlined in the 2019 proposal with certain amendments and clarifications.

The 2021 changes to the Safeguards Rule passed the FTC by a 3-2 vote, with the three “yes” votes coming from Democrats and the two “no” votes from Republicans. Commissioners Noah Joshua Phillips and Christine S. Wilson dissented. Commissioner Rebecca Kelly and Chair Lina M. Khan also released a joint statement. The split vote on the final Rule, as well as on the 2019 proposed Rule, reflects a change from prior rulemakings in the security…


Zero hour – A booming trade in bugs is undermining cyber-security | Books & arts


This Is How They Tell Me The World Ends. By Nicole Perlroth. Bloomsbury; 528 pages; $21 and £14.99

IF YOU DISCOVER that a favourite vending machine dispenses free chocolate when its buttons are pressed just so, what should you do? The virtuous option is to tell the manufacturer, so it can fix it. The temptation is to gorge. More lucrative still might be to sell the trick to others—including those with larger appetites and fewer scruples. But when the weaknesses of a system can be bought and sold, the results can be calamitous, as “This Is How They Tell Me The World Ends” shows.

Nicole Perlroth, a cyber-security correspondent for the New York Times, has produced an engaging and troubling account of “zero-day exploits”. An exploit is a piece of code that takes advantage of a vulnerability in software, typically to gain access or do harm. A zero-day exploit is rarer: it targets a hitherto undiscovered—and therefore undefended—blind spot.

Twenty years ago, exploits for Windows software yielded “pennies on the dollar”, a former hacker recalls. But as software became ubiquitous—running utilities, nuclear plants and warplanes—it grew more alluring. Zero-days became the “blood diamonds of the security trade”, says Ms Perlroth, fetching six or seven figures depending on their target and potency.

Such price signals worked as you would expect. Young men—in this story, there are few women—who once unearthed bugs for fun found a rich seam in governments eager to acquire and stockpile zero-days for use against their rivals. A high-minded hacker could choose to sell the fruits of his labour to defenders rather than attackers, as software companies began offering ever-larger “bug bounties”. Google even matched bounties that hackers donated to charity; one German whizz thus lavished funds on kindergartens in Togo, schools in Ethiopia and solar plants in Tanzania.

The trouble is that spiritual rewards tend to pale beside pecuniary ones. “If we wanted to volunteer, we’d help the homeless,” sneers Chaouki Bekrar, the French founder of Vupen, one of many brokers that bought exploits from hackers and sold them, at spiralling prices, to intelligence…


5G Stocks: SolarWinds Hack Reveals a “Backdoor” Cyber Trade


InvestorPlace – Stock Market News, Stock Advice & Trading Tips

Cybersecurity used to mean just running McAfee antivirus software on your desktop computer.


That’s not true anymore.

Cyberattacks are no longer the result of clicking on a rogue link in a suspicious email. Now they occur on a global scale, and they are the subject of coverage from all major news outlets.

In the past two weeks, we’ve all learned about a major hack of the U.S. government. As CNBC reported:

The scale of a sophisticated cyberattack on the U.S. government that was unearthed this week is much bigger than first anticipated. 

The Cybersecurity and Infrastructure Security Agency (CISA) said in a summary Thursday that the threat “poses a grave risk to the federal government.”

It added that “state, local, tribal, and territorial governments as well as critical infrastructure entities and other private sector organizations” are also at risk.

While CISA hasn’t identified the group responsible for this incredibly dangerous hack, many experts point to Russia. By hacking the IT management company SolarWinds, the cyber criminals were able to target the departments of Homeland Security, Commerce, Treasury, and Energy; cybersecurity firms like FireEye Inc. (NASDAQ:FEYE); and the tech giant Microsoft Corp. (NASDAQ:MSFT).

Obviously, these attacks are a threat to investors’ capital. A cyberattack on any company can, at a minimum, spook the market and push a stock’s value lower.

Microsoft, for example, dropped slightly the day after its breach was reported, but the effects of any cyberattack could always be worse than simply losing money on one of the largest tech companies in the world.

That’s why cybersecurity has become a major investment opportunity.

The term cybersecurity describes a broad range of proactive protections and reactive defenses — all of which try to thwart a specific cyber threat or combination of threats.

The first-generation cybersecurity tactics were usually add-ons to an existing hardware or software platform — kind of like building a wall around an existing house. But many next-generation tactics incorporate…


Federal Trade Commission Reaches Settlement with Zoom, Requires Improved Security for Users Personal Info


Settlement requires Zoom to live up to its privacy and security promises


BREVARD COUNTY, FLORIDA – Daily life has changed a lot since the pandemic started.

Because face-to-face interactions aren’t possible for so many of us, we’ve turned to videoconference for work meetings, school, catching up with our friends, even seeing the doctor.

When we rely on technology in these new ways, we share a lot of sensitive personal information. We may not think about it, but companies know they have an obligation to protect that information.

The FTC just announced a case against video conferencing service Zoom about the security of consumers’ information and videoconferences, also known as “Meetings.”

The FTC claimed that Zoom failed to protect users’ information in a variety of ways:

  • Zoom said it provided end-to-end encryption — a way to protect communications so only the sender and the recipient can see it — for Zoom Meetings. It didn’t.
  • Zoom said it secured Meetings with a higher level of encryption than it actually provided.
  • Zoom told users who recorded a Meeting that it would save a secure, encrypted recording of the meeting when it ended. In reality, Zoom kept unencrypted recordings on its servers for up to 60 days before moving them to its secure cloud storage.
  • Zoom installed software, called ZoomOpener, on Mac users’ computers. This software bypassed a Safari browser security setting and put users at risk — for example, it could have allowed strangers to spy on users through their computer’s web cameras. Or hackers could have exploited the vulnerability to download malware onto — and take control of — users’ computers. If users deleted the Zoom app, the ZoomOpener remained, as did these…
