- a cybersecurity program based on a risk assessment of each regulated firm;
- a written cybersecurity policy approved by each firm's senior officer or board of directors;
- a chief information security officer appointed by each firm;
- annual testing of cybersecurity systems and biannual system vulnerability assessments;
- an audit trail for all cyber activity;
- multifactor or risk-based authentication procedures for all system users' access; and
- secure processes for data disposal.
Tuesday, February 21, 2017
Interesting new malware. Is it Russian?
Dan Goodin reports:
Researchers have uncovered an advanced malware-based operation that siphoned more than 600 gigabytes from about 70 targets in a broad range of industries, including critical infrastructure, news media, and scientific research.
The operation uses malware to capture audio recordings of conversations, screen shots, documents, and passwords, according to a blog post published last week by security firm CyberX. Targets are initially infected using malicious Microsoft Word documents sent in phishing e-mails. Once compromised, infected machines upload the pilfered audio and data to Dropbox, where it’s retrieved by the attackers.
Read more on Ars Technica.
Would you believe none of these things were required before the Department of Financial Services thought them up?
New York financial firms will have to implement cybersecurity programs
… “These strong, first-in-the-nation protections will help ensure this industry has the necessary safeguards in place in order to protect themselves and the New Yorkers they serve from the serious economic harm caused by these devastating cyber crimes,” New York Gov. Andrew M. Cuomo said in a news release.
The state's move comes as the Federal Reserve and Federal Deposit Insurance Corp. are seeking suggestions and comments for potential cybersecurity requirements for U.S. banks.
Requirements under the new regulation include:
The New York DFS cybersecurity regulation is available on the department's website.
For my Data management students.
At Kroger, Technology Is Changing the Grocery-Store Shopping Experience
… For a glimpse of how technology can affect shopping, consider Kroger Co., whose 2,778 stores make it the largest supermarket chain in the U.S. Kroger has deployed cameras and infrared sensors to monitor foot traffic, and is using data algorithms to help schedule cashiers in real time. Its mobile app can analyze shopping habits and produce relevant digital coupons. Kroger’s latest move: testing sensor-laden interactive shelves that detect shoppers in the aisles via their smartphones to offer them personal pricing and product suggestions as they walk along.
… In an interview, Mr. Hjelm discussed the imperative to make store shopping more like online shopping—cutting wait times and creating a more interactive experience—with technology such as the Internet of Things, data analytics and video. Edited excerpts follow:
Interesting. Should my rates drop because I don’t have a smartphone? Is the assumption that everyone has one?
Smartphone addicts driving car insurance rates higher
Distracted by their smartphones, America’s drivers are becoming more dangerous by the day. And as The Wall Street Journal reports, their behavior is pushing auto-insurance rates even higher as insurers struggle to keep up.
Costs associated with crashes are outpacing premium increases for some companies, and insurers say the use of smartphones to talk, text and access the internet while on the road is a new and important factor behind the wrecks.
Apparently, there is money in moving money.
TransferWise launches international money transfers via Facebook
Money transfer company TransferWise has launched a new service that allows users to send money internationally through Facebook Inc's chat application, as competition in the digital payments landscape intensifies.
The London-based startup said on Tuesday that it had developed a Facebook Messenger "chatbot", or an automated program that can help users communicate with businesses and carry out tasks such as online purchases.
Alibaba’s Ant Financial Will Invest $200 Million in This Korean Payment Firm
China's Ant Financial will invest $200 million in Kakao Pay, the mobile payment subsidiary of South Korean messaging platform giant Kakao Corp, extending a major push by the Chinese firm to create a global network of financial assets.
… The firm, the payment affiliate of Chinese e-commerce giant Alibaba Group Holding, announced an $880 million deal for U.S. money-transfer firm MoneyGram International last month.
… "Ant's ultimate goal is to become a global payments monster—the biggest, broadest option for consumers," said Ben Cavender, Shanghai-based principle for China Market Research.
"The challenge is facing strong local players around the world, so it's cheaper to buy into these companies rather than burning money to steal market share from them."
Another large investment area…
Spending spree: Samsung rumored to have $1 billion put aside to buy AI companies
… The massive sum won’t only be used for acquisitions, but also to invest in companies involved in AI. Although there’s no question a billion dollars will buy you plenty of talent and tech, it’s still only a fraction of the $8 billion Samsung recently spent acquiring Harman International. However, while the two may not initially seem connected — Harman is best known for its in-car infotainment systems and other audio/visual equipment — it has divisions hard at work on AI projects, smart cities, and voice control. These are all key applications for AI and machine learning technology.