FoxPointe Security Hub

New Cyber Incident Reporting
The NCUA has proposed a new Cyber Incident Reporting Rule. This proposal comes on the heels of the Federal Banking Agencies Incident Reporting Rule that went into effect earlier this year. The proposed NCUA regulation would require federally chartered credit unions (also applies to state-chartered, federally...

Benefits of a vCISO
Cyberattacks and data security breaches continue to grow at a record pace year after year. According to recent surveys, over 60% of cybersecurity professionals saw an increase in cyberattacks and security breaches related to the pandemic. In order to defend against these attacks, businesses need to...

Cybersecurity Jurisdiction
Data privacy and protection regulations are becoming increasingly common worldwide. This month marks four years since the European Union’s General Data Protection Regulation (GDPR) took effect. During the GDPR’s first four years, more than $1.5 billion in fines have been assessed. In addition, several states have passed data...

Computer Incident Notification Rule
In the final quarter of 2021, the Federal Deposit Insurance Corporation (FDIC), the Board of Governors of the Federal Reserve System, and the Office of the Comptroller of the Currency (the agencies) issued a rule requiring any FDIC-insured financial institution to notify its primary Federal...

PCI Standard v4.0
In March 2022, the Payment Card Industry Security Standard Council (PCI SSC) released its initial draft v4.0 of the standard. Based on the initial draft release, the following critical changes are assumed to be incorporated into the new version of the PCI standard: For merchants, sensitive authentication...

Cyberattacks
On February 24, 2022, Russia began its large-scale military invasion of Ukraine, one of its neighboring countries. Many international organizations, like Apple and Volkswagen, have taken a stance by applying sanctions against Russia in hopes of encouraging Russia’s President, Vladimir Putin, to stop its invasion without starting a world war....

Ransomware Concerns for Every Business
All organizations can face a disastrous outcome from a ransomware event, including governmental entities. An outbreak is a painful event, especially given the critical role these agencies have. The disruption of essential services to the public, health care, water & sewerage, education, transportation, and...

The Bonadio Group and its cybersecurity division, FoxPointe Solutions, highly recommend and encourage that our customers invest in an ongoing compliance solution that can help support their company’s internal controls and compliance requirements before an internal audit is performed by an independent third party. Not only does an effective and valuable...

This past year proved to be a year of rapid development for the cybersecurity and IT landscape. As new threats emerged, others continued to develop and evolve. Throughout the year, the FFIEC, in an effort to help its institutions combat these threats, issued new guidance for examiners and organizations in...

The ever-growing threat landscape and wide accessibility to the internet around the globe have made it easy for malicious actors to launch cyberattacks and exploit vulnerabilities within an organization. Big or small, organizations that possess data can be at risk from cybercriminals who want to gain access to their...

Apache Log4j
Apache Log4j is an open-source library that is utilized by applications to facilitate logging requests. On December 9th, 2021, a vulnerability was reported (CVE-2021-44228 from the National Vulnerability Database) that impacts applications leveraging Apache Log4j versions 2.14.1 and below. The identified vulnerability can allow malicious actors to perform...

Payment Card Industry (PCI) governance program
Typically, the two primary goals of a company’s Payment Card Industry (PCI) governance program are to meet the intent of applicable controls and reduce the scope of PCI Data Security Standards (DSS) requirements enforced on the company’s environment. However, many companies do not meet...