Blockchain for Dummies
Want to learn more about blockchain? Click on the link below for a simple, easy-to-read article recently published on LinkedIn.
Digital Identity Tracker February 2017
MARK YOUR CALENDARS: NY CYBERSECURITY REGULATIONS TO GO INTO EFFECT
If your organization is regulated by the New York Department of Financial Services (NYDFS), March 1, 2017 is an important date to mark on your calendar. On that day, absent further modification, the NYDFS’s modified Cybersecurity Regulations will take effect and will impose substantial cybersecurity obligations on banks, insurers and financial institutions that operate in the state of New York. The reach of these regulations, however, is not just limited to traditional financial services entities. As currently proposed, the regulations also apply to colleges, universities, and religious and philanthropic entities that are permitted under N.Y. Insurance Law to issue charitable annuities. If your organization is regulated by NYDFS, maintains or has access to personal information, and (i) has 10 or more employees (including independent contractors), (ii) has more than $5 million in gross annual revenue in each of the last three fiscal years, and (iii) has more than $10 million in year-end total assets, it will be required to comply with the Cybersecurity Regulations.
The full article can be found at the following link:
Major Exploit Still Affecting Philadelphia Companies
Layer 8 Security has an ongoing relationship with local and federal law enforcement that allows us to know in advance when certain threats will be prevalent. We receive notices and bulletins from the FBI and other intelligence sources on a consistent basis. In some cases, dissemination is limited; however, in this case a wide dissemination is allowed. We are glad to send this alert to keep you and your company safe.
Recently, several Philadelphia businesses have fallen victim to the OpenSSL cybersecurity exploit known as Heartbleed, which created a news frenzy in 2014. We’re extremely surprised that there are still companies that haven’t patched or updated their assets to defend themselves against this exploit.
According to our sources, there are nearly 200,000 servers and Internet-connected devices running outdated OpenSSL software still vulnerable to Heartbleed. The initial analysis of the Heartbleed vulnerability found over 600,000 devices, which led to one of the largest media blitzes to fix a technology bug. The bug can be exploited to reveal chunks of memory to any client that connects to the server.
What this means for you:
While you likely heard about Heartbleed years ago, the threat still exists. A “bad guy” could use the Heartbleed exploit to remotely execute malicious code on your servers, which results in a compromise of sensitive data. Organizations need to verify that their assets (cloud servers, data, backup systems, etc.) do not run a vulnerable version of OpenSSL, and if they do, patch them immediately. This should also act as a good reminder to review policies and procedures on asset maintenance.
CYBER SECURITY UPDATE:
At a recent seminar on cyber security, an associate from the FCC informed the audience that the National Institute of Science and Technology (NIST) had published a framework to reference when companies are addressing the issue of cyber security. A link to that website is provided below. This is a topic that is becoming more relevant every day, and we are pleased to provide this information to you for your perusal and use.