New FFIEC Guidance Highlights Mobile Banking Risks

Posted by Greg Mancusi-Ungaro

Thu, Jun 09, 2016

The FFIEC has just published new examiner guidelines focused on institutional risks arising from mobile banking technologies and practices. Financial institutions are now likely to face tough questions about their security practices around mobile apps, mobile banking websites, and mobile banking infrastructure. This new guidance applies to all FDIC institutions, including those with assets less than $1 billion.

From the April FFIEC Guidance on Mobile Banking:
  • The appendix emphasizes an enterprise-wide risk management approach for effectively managing and mitigating the risks associated with mobile financial services.
  • The appendix discusses the technologies used in the mobile delivery channel, elevated risks that may result, and appropriate controls implemented by institutions or third-party providers.
  • The appendix contains a work program to assist examiners in determining the risks posed by an institution’s mobile financial services and assessing the controls that have been implemented to mitigate those risks.

For the first time, the FFIEC is emphasizing that institutions gain visibility into and understanding of ALL mobile apps and mobile banking infrastructure that appear to be related to the institution. Some of these will be legitimate, implemented and authorized by the institution. But others will have been deployed by cyber criminals to attack the institution, the institution's customers, and the institution's partners.

To help CISOs and security teams better understand the guidance, and to provide useful strategies for addressing these new security requirements, BrandProtect subject matter expert Dylan Sachs will review the recent guidance in a free one-hour webcast scheduled for June 23, 2016 from 1:00 - 2:00 p.m.


Topics: mobile app monitoring, cyber threats, Chief Security Officer, bankSMART, FFIEC

What Should CISOs Learn from Ashley Madison?

Posted by Greg Mancusi-Ungaro

Wed, Sep 02, 2015

This month the BrandProtect Executive Threat Brief focused on lessons that individuals can learn from Ashley Madison. It is likely that the Ashley Madison breach will be remembered as one of the most notorious and high-profile breaches ever. Why? Because the exposed data was more than just personally embarrassing; it was, in many cases, relationship-changing, employment-threatening, and business-damaging.

5 Key Take-Aways

1) Ashley Madison is Bad for Your Business
Many companies saw their name dragged through the dirt as scores of corporate email addresses surfaced among the millions of exposed Ashley Madison accounts. Deserved, or undeserved, it is never good when your company is dragged through the dirt. And when key executives and other corporate leaders are caught up in the story, it can be very bad for business.


Topics: data breach, Chief Security Officer, Brand Threats, Ashley Madison

Threat Vendors are Going Mainstream: Extortion Is Their Business Model!

Posted by Greg Mancusi-Ungaro

Wed, May 27, 2015

I’m just back from a fantastic International Trademark Association (INTA) conference. It is exciting to spend a few days with the foremost practitioners in the trademark and IP world. One of the most visible organizations there was a registrar, Vox Populi Registrar, Inc., who owns the .SUCKS gTLD. Their representatives, clad in bright blue and white, were merrily touring the floor, speaking with vendors and attendees about how much business sense it made for a brand to purchase the .SUCKS domain. Their booth featured a continuous slide show of F500 brands "using" the .SUCKS domain: ibm.sucks; ford.sucks; starbucks.sucks; yourcompanyhere.sucks. Outside the conference hall, there were more blue-clad representatives, passing out .SUCKS items that were prohibited in the hall. The Vox Populi message was communicated clearly: it only costs $2500/year to reserve this gTLD.
"Isn't that a small amount to pay to know that no one else uses it with your brand?..."


Topics: risk management, brand abuse, online brand protection, Reputation Management, INTA, trademark, intellectual property, Risk, gTLDs, cyber threats, Chief Security Officer, online risk, unauthorized associations

Healthcare Markets Are Under Threat

Posted by Greg Mancusi-Ungaro

Tue, Apr 21, 2015

Recently, on Dark Reading, Sara Peters and Ericka Chickowski wrote a great piece about PII-centric attacks and threats in the healthcare market.

As the Health Care marketplace moves online, opportunistic criminals are retraining their attacks to focus on Health Care consumers.

Over the past decade, there has been enormous pressure on the healthcare industry to move health records online.  Today, according to studies recently published by the U.S. Department of Health & Human Services, almost 90 percent of all doctors and almost 75 percent of all hospitals have deployed at least a basic electronic health record system. And, these adoption rates have soared over the past five years. Insurance reimbursements have been managed online for years, and healthcare enrollments through employers are increasingly managed through a Web browser. The rollout of the Affordable Care Act, with its online purchase model, further accelerated the migration of healthcare to a predominantly online model.


Topics: Identity Theft, Security, Brand Governance, Internet Threats, Chief Security Officer, PII, CIO, Health Care

Why Should the CSO Care About Social Media? Top 5 Reasons Why They Should

Posted by Shanna Gordon

Wed, Oct 16, 2013

There are very few CSOs that care about tweets, Instagrams, likes, followers, etc. Understandably, it’s not their job to care about how popular their brands are on Facebook or how their Twitter followers have grown by 56% in 2013. The management of these categories falls to the marketing, social media, and branding departments. Despite this, however, those teams are very focused on their marketing initiatives and not on, say, physical security threats against their organization or disgruntled employees threatening to go postal.


Topics: Brand Protection, Security, Privacy Protection, employees social media, Risk, Chief Security Officer
