Financial regulators weigh cybersecurity requirements

November 10, 2015

Associated Press

In honor of October's designation as National Cybersecurity Awareness Month, the U.S. Small Business Administration (SBA) has unveiled a new Web page dedicated to promoting cybersecurity for small businesses. - See more at: http://www.businessnewsdaily.com/8491-sba-unveils-small-business-cybersecurity-tools.html#sthash.HVndjn45.dpuf

The Going Dark encryption debate surfaced again on Wednesday at a small security conference here, and as in previous iterations before larger technical audiences and even Congress, the issue continues to spin on a hamster wheel going nowhere.

This time the notable dignitary stumping for so-called exceptional access was FBI general counsel James Baker, and not director James Comey, reiterating that technology companies should find an answer to law enforcement’s problem of unlocking encrypted devices.

- See more at: https://threatpost.com/same-rhetoric-permeates-going-dark-encryption-debate/115271/#sthash.xiqF58Va.dpuf

The Going Dark encryption debate surfaced again on Wednesday at a small security conference here, and as in previous iterations before larger technical audiences and even Congress, the issue continues to spin on a hamster wheel going nowhere.

This time the notable dignitary stumping for so-called exceptional access was FBI general counsel James Baker, and not director James Comey, reiterating that technology companies should find an answer to law enforcement’s problem of unlocking encrypted devices.

- See more at: https://threatpost.com/same-rhetoric-permeates-going-dark-encryption-debate/115271/#sthash.xiqF58Va.dpuf

New York regulators are considering a host of cybersecurity requirements for banks and insurers and urged other state and federal authorities to collaborate on establishing a framework of defenses for the financial sector.

Financial Services Superintendent Anthony Albanese said in a letter to other regulators that his agency has surveyed more than 150 banks and 43 insurers since 2013 and has begun conducting risk assessments of financial institutions. They have concluded that "robust regulation" is needed.

There's no specific timeline at this point for New York to issue its proposed cybersecurity regulations, department spokesman Matt Anderson said.

"First, although financial institutions have taken significant steps to bolster cyber security efforts in recent years, companies will continue to be challenged by the speed of technological change and the increasingly sophisticated nature of threats," Albanese wrote. "Second, third-party service providers often have access to sensitive data and to a financial institution's information technology systems, providing a potential point of entry for hackers."

New York's key proposals would require written cybersecurity policies implemented in areas ranging from access controls, customer privacy and data governance to incident responses and disaster recovery planning.

Managing third-party providers would require multifactor identity authentication, use of data encryption, loss indemnification, warranties, incident notices and audits.

Baker—speaking at the Advanced Cyber Security Center conference and flanked by crypto luminary Susan Landau of Worcester Polytech Institute and Eric Wenger, director of cybersecurity and privacy, global government affairs at Cisco—made the case that encryption hampers law enforcement investigations on a local level and surveillance efforts on national security and terrorism fronts.

The other side argues that, especially post-Snowden and the endless run of evidence of the National Security Agency’s overreach on surveillance and deliberate efforts to weaken cryptographic standards, that encryption remains the best defense against government surveillance and advanced attackers targeting intellectual property. Asking Silicon Valley for help in solving Going Dark, for example, seems to be an unlikely proposition.

- See more at: https://threatpost.com/same-rhetoric-permeates-going-dark-encryption-debate/115271/#sthash.xiqF58Va.dpuf

The Going Dark encryption debate surfaced again on Wednesday at a small security conference here, and as in previous iterations before larger technical audiences and even Congress, the issue continues to spin on a hamster wheel going nowhere.

This time the notable dignitary stumping for so-called exceptional access was FBI general counsel James Baker, and not director James Comey, reiterating that technology companies should find an answer to law enforcement’s problem of unlocking encrypted devices.

- See more at: https://threatpost.com/same-rhetoric-permeates-going-dark-encryption-debate/115271/#sthash.xiqF58Va.dpuf

 

Read Full Article

SBA Unveils Small Business Cybersecurity Tools
Credit: Mark Van Scyoc

In honor of October's designation as National Cybersecurity Awareness Month, the U.S. Small Business Administration (SBA) has unveiled a new Web page dedicated to promoting cybersecurity for small businesses.

In the wake of high-profile data breaches, many businesses are eager to implement a more robust cybersecurity strategy. The SBA's cybersecurity page, launched earlier this month during the "Cybersecurity at Work" week, offers advice and tools for small business owners who are seeking to better protect both their own data and their customers' data. In 2013, 44 percent of the 800 small business owners surveyed reported having experienced a cyberattack that resulted in an average cost of nearly $9,000, according to a report by the National Small Business Association.

"Cybersecurity is one of our nation's most pressing national security priorities, and America's 28 million small businesses, which create two out of every three new jobs in the U.S., are especially at risk," SBA Administrator Maria Contreras-Sweet said in a statement announcing the Web page. "Small employers are quickly becoming a larger target for criminals looking to access sensitive data because small businesses typically have limited resources for information systems security. In an effort to combat cyberattacks against small businesses, the SBA's online tools will help employers identify information security vulnerabilities that put their companies at risk."

- See more at: http://www.businessnewsdaily.com/8491-sba-unveils-small-business-cybersecurity-tools.html#sthash.HVndjn45.dpuf
In honor of October's designation as National Cybersecurity Awareness Month, the U.S. Small Business Administration (SBA) has unveiled a new Web page dedicated to promoting cybersecurity for small businesses. - See more at: http://www.businessnewsdaily.com/8491-sba-unveils-small-business-cybersecurity-tools.html#sthash.HVndjn45.dpuf