Our substance is short yet to the point, and intended to challenge you to live in and nurture with IT technologies. @http://thecorlissreviewgroup.com

Monday, April 13, 2015

The Corliss Group Latest Tech Review - US Regulator To Impose New Cyber Security Standards For Banks And Their Supply Chain

A new report highlighting deficiencies in US banks' oversight of suppliers' cyber security should serve to remind financial services companies in Europe of the due diligence they need to undertake, an expert has said.

Financial services and technology law expert Angus McFadyen of Pinsent Masons, the law firm behind Out-Law.com, said that regulators in both the US and Europe are increasingly interested in what financial services companies are doing to address cyber security threats.

McFadyen was commenting after the New York State Department of Financial Services (NYDFS) announced its intention to introduce new regulations "strengthening cyber security standards for banks' third-party vendors" in the "coming weeks".

The announcement was made as it revealed that fewer than half of the banks it surveyed said they do not "conduct any on-site assessments" of "high-risk" suppliers, such as data processing companies and other suppliers that typically have access to "sensitive bank or customer data".

The NYDFS report (7-page / 313KB PDF) also said that only about 30% of the banks surveyed "require their third-party vendors to notify them in the event of an information security breach or other cyber security breach".

A fifth of the banks do not require suppliers to set "minimum information security requirements", whilst of those that do only a third "require those information security requirements to be extended to subcontractors of the third-party vendors", it said.

"A bank's cyber security is often only as good as the cyber security of its vendors," Benjamin Lawsky, superintendent of financial services at the NYDFS, said. "Unfortunately, those third-party firms can provide a backdoor entrance to hackers who are seeking to steal sensitive bank customer data. We will move forward quickly, together with the banks we regulate, to address this urgent matter."

McFadyen said that although "security is a growing concern on both sides of the Atlantic" the action proposed by the NYDFS is "the most forthright we’ve seen".

"European regulators are also actively looking at security," McFadyen said. "We’ve seen new rules around payment security come out of Europe and the Financial Conduct Authority’s (FCA's) own guidance on bank outsourcing touches on its importance. Security measures are rarely perfect, as we’ve seen with the takedown of the French TV channel TV5Monde, but the risks presented by a compromise in the sector are growing as we are increasingly digitising financial services."

McFadyen pointed to a recent announcement by the FCA on the implementation of new internet payments security guidelines in the UK as highlighting the regulatory focus there is on cyber security.

The FCA has said it will incorporate the new guidelines into its "supervisory framework" at the same time as the new EU Payment Services Directive (PSD2), which is still being negotiated, is transposed into UK law. The internet payment security guidelines were finalised late last year by the European Banking Authority (EBA).

"We are fully supportive of the objectives behind the guidelines and agree with the importance of consumers being protected against fraud when making payments online," the FCA said. "Ensuring the security of payments and the protection of sensitive customer data is a critical part of the infrastructure of robust payment systems."


"Many firms already have in place measures for strong customer authentication, and we would remind payment service providers of their responsibility to ensure consumers’ payments are safe and secure. We will be incorporating the detail of the requirements of the guidelines into our supervisory framework in line with the revised Payment Services Directive (PSD2) transposition timeline," it said.

Sunday, February 15, 2015

The Corliss Group Latest Tech Review: Facebook to launch social network for cyber security experts


Facebook is launching a social network for cyber security professionals to share information about threats that could lead to cyber attacks, as the US government and companies search for new ways to co-ordinate their defences.

The world’s largest social network is stepping up its work in cyber security by teaming with other technology companies including Yahoo and online scrapbooking site Pinterest. The platform will enable companies to share clues about how hackers are behaving in the hope of preventing security breaches.

As cyber attacks hit companies from Sony Pictures to health insurer Anthem, the private and public sector are under pressure to work together to understand their adversaries. Hackers join forces and share tips to break into networks but so far, communication about cyber defence has often been haphazard.

Mark Hammel, Facebook’s manager of threat infrastructure, said ThreatExchange had been developed from a system that Facebook was already using internally to make it easier to catalogue threats to the site in real time.

Facebook’s decision to share the tool comes at a time when the company is trying to broaden its appeal beyond social interactions with friends and family and make the product a tool that is useful in the workplace. The company is also trying out a site and app called Facebook at Work, designed to facilitate internal collaboration between colleagues.

Mr Hammel said Facebook would give the cyber security service away for free, unlike some other threat detection systems.

“We feel that as our product’s footprint has grown, with the number of people using it to communicate, we have the ability to spend more time on broader security issues that affect the internet,” he said. He added Facebook was “really well positioned” with its “social sharing model” to direct a threat project such as this.

He added that Yahoo and Pinterest were good initial partners because they faced similar threats and had sizeable user bases. “Together, we’re protecting a pretty sizeable percentage of the internet,” he said.

The ThreatExchange comes after Barack Obama, US president, put information sharing at the heart of his cyber security proposals announced ahead of the State of the Union speech last month. He proposed legislation that would make it easier for companies to share information about cyber threats with the government.

The US government announced this week that it would be establishing a new agency, modelled on the National Counterterrorism Center, with the aim of bringing together information from all arms of government during a cyber incident.

Mr Obama is expected to flesh out those proposals at a White House summit held at Stanford University on Friday, while appealing to the technology industry to do more to help.

The financial industry already leads the way in sharing information. The Financial Services Information Sharing and Analysis Center — known as FS-ISAC — joined the Depository Trust and Clearing Corporation, the post-trade services provider, last September to launch the first widespread not-for-profit intelligence service. The project is funded by 12 large companies from sectors including finance, energy and healthcare.


But many analysts say information sharing is a key challenge for cyber defences. Last year saw a steep acceleration in attacks on businesses. These included the largest ever breach of personal data at a retailer, at Home Depot, as well as the attack on Sony Pictures that the FBI has said was orchestrated by North Korea.

Thursday, February 12, 2015

The Corliss Group: White House Cybersecurity Event to Draw Top Tech, Wall Street Execs



Government to Call on Companies to Help Improve Information Sharing as Breaches Get More Sophisticated

President Barack Obama will convene top executives from Silicon Valley, Wall Street, and a number of other industries on Friday in a first-of-its-kind cybersecurity “summit” taking place as the government and corporate executives each struggle to adjust to persistent and sophisticated breaches.

Mr. Obama will be joined at the Stanford University event by top officials at the Department of Homeland Security, U.S. Secret Service, and Federal Bureau of Investigation. The officials will call on companies to share more information with the government in an effort to combat future cyberattacks, a plea officials have made for months with limited success.

Mr. Obama’s presence at the event has drawn what has emerged as a Who’s Who of corporate leaders, reflecting a growing acknowledgment that many companies need to rethink their cyberdefenses.

Apple Inc. Chief Executive Tim Cook will deliver remarks about his company’s push toward a more secure payment system, a theme the White House is expected to try to reinforce for other companies throughout the event.

An Apple spokeswoman confirmed that Mr. Cook will be speaking at the summit. He is expected to focus on Apple’s experience with mobile payments. Apple introduced Apple Pay in October, touting a security feature aimed at reducing the chances of credit-card theft.

Mr. Cook will be joined at Stanford on Friday by the CEOs of Bank of America Corp., U.S. Bancorp, American Express, Kaiser Permanente, Visa Inc., MasterCard Inc., and PayPal, who also will speak on panels at the daylong event, along with representatives from Facebook Inc., Google, Intel Corp., and numerous other companies.

Input from these executives is notable, as they collectively hold health, financial, search-engine, and social-media records on tens of millions of Americans. A number of the firms, particularly the technology companies, have sparred with the federal government over privacy concerns in recent years.

To acknowledge those concerns, the White House is expected to make privacy a central theme at the summit, in addition to consumer protection and cybersecurity techniques.

In addition to remarks from Messrs. Obama and Cook, the seven-hour event will include multiple panel sessions, including separate discussions of public-private collaboration, consumer protection, and payment technologies.

The entire event will be live-streamed on the White House’s website.

Senior administration officials see the event as a continuation of two years’ worth of cybersecurity initiatives, but the issue has taken on more urgency in recent months as the number of cyberattacks has increased dramatically. And recent large-scale breaches at Sony Pictures Entertainment Inc. and Anthem Inc. have led to an internal debate among government officials over whether the government should heighten its response to cyberattacks carried out by foreign countries.

Also notably, the White House’s list of panelists and speakers at the summit doesn't include representatives from many of the large companies that have suffered major breaches in recent years, such as Home Depot Inc., J.P. Morgan Chase & Co., Target Corp., Sony, or Anthem. A senior administration official said these companies weren't excluded from panels at the event.

Also missing from the list of panelists and speakers are officials from the U.S. intelligence community, such as the National Security Agency and Central Intelligence Agency. Intelligence officials often collect information about cyberthreats, and the White House on Tuesday announced a new office that is meant to collect and analyze their data.


But many technology companies remain skeptical about the operations of these agencies, particularly the NSA. A senior administration official said officials from the intelligence agencies would be at the event, but officials from agencies like the FBI and DHS were tapped to speak because they interact directly with the public to discuss cyber issues.

Monday, February 9, 2015

Corliss Tech Review Group: ARM smartphone chip boasts 3x computing power

With the trend today of making every new smartphone thinner than the last one, most would have to make a compromise between aesthetics and productivity. Usually, a nice and thin smartphone means shorter battery life and limited processing capability.

Fortunately for us, manufacturers are now moving towards extended battery life and excellent processing power even in thin handsets. Case in point: ARM's next generation A72 processors.

ARM Holdings, a microchip designer based in Britain, has announced a new processor for tablets and smartphones that boasts improved graphics and processing capability. Its new Cortex-A72 chip design and other improvements in related technology came just in time to help the handheld device industry, which struggles with cooling demand.

Corliss Tech Review Group noted that much of the advancement could be credited to big improvements made in manufacturing technology, particularly from the Asian contractors.

At an event held in San Francisco, ARM announced that the new chips pack thrice as much computing power as those in use today. It is now possible for manufacturers to use these new processors from ARM to get superb performance without straining the device's battery. In fact, the company claims that in thin profile designs, the new chip could allow for as much as a 75% reduction in power consumption.

The company's vice president of marketing also mentioned that the device has "more than enough" computing power to support complex processes on tablets and smartphones even without an Internet connection. Most data-heavy smartphone processes today are handled by remote servers and not by the device's processor itself.

Devices with this new processor technology are expected to be available by early next year. But according to Corliss Tech Review Group, 10 companies, including MediaTek of Taiwan and Rockchip of China, have already licensed ARM's new technology.


Tuesday, December 16, 2014

The Corliss Group Latest Tech Review: Security experts offer online shopping tips



As Americans spend billions on holiday shopping this month, online security experts say a little caution can go a long way when it comes to avoiding identity theft.

“In general online shopping is good. It’s safe for the most part, but it’s the safest when you initiate the contact, when you log onto a known website,” said Rick Avery, president of Boston-based Securitas Security Systems.

Directly visiting trusted, reputable online retailers is just one way to attempt to avoid the cyber criminals who try to steal sensitive information from vulnerable computers and unsuspecting consumers.

“There is a risk in commerce …” said Sam Ransbotham, an information systems professor at Boston College. “There is also a risk from walking around with a wad of cash. We’ve got years and years of experience walking around with wads of cash that we just don’t have with these newer mechanisms.”

Purchases at brick-and-mortar stores aren’t immune to data breaches either. Last year, hackers stole data from 40 million credit cards from Target, while cyber thieves got information from 56 million credit cards from Home Depot earlier this year.

To reduce the chances of fraud, Avery advises that shoppers be wary of offers sent via email. Criminals, he said, may send legitimate-looking emails that appear to be from online merchants or banks. Rather than clicking on a link in an email, he recommends directly typing the website address into your browser.

“One of the most dangerous ways people get involved with credit card fraud or theft on the Internet is they get emailed a link offering 50 percent off, or saying it’s from the bank, and it’s actually a false website made to look like the authentic website,” he said.

Cyber criminals can use fraudulent websites to gather financial information from a person or install malware on their computers.

“If you’re shopping around and find an extra, extra really good deal, that might be the online equivalent to buying cheap speakers out of the back of a truck,” Ransbotham said. “If it’s too good to be true, it is.”

Avery also recommends using credit cards or one-time use credit cards instead of debit cards.

“Some banks have protections on a debit card, but not all do at the point of an ATM,” Avery said. “Usually, your debit card is tied to your other banking accounts, and it’s a lot more difficult to get your money back. It may be weeks before you get your money back.”


In some cases, a victim might never get that money back.

Sunday, December 14, 2014

The Corliss Group Latest Tech Review: Top tips to stay safe while shopping online on what promises to be one of retail's biggest days of the year


Cyber Monday is set to be among the biggest shopping days of the year - but how can you avoid becoming the victim of online shopping fraud on Monday?

Experian found that last year saw a huge lift in Black Friday’s significance, with a 19 per cent increase in visits to retail websites (29 Nov) compared to 2012. Cyber Monday is also growing, with a 9 per cent increase last year on 2012’s figures.

Meanwhile, the rise of ‘click & collect’ services, and a greater trust in retailers being able to deliver well in time for Christmas, has resulted in a trend for people being more comfortable leaving their Christmas shopping until a Monday later: Manic Monday, you might call it.

A few things to remember if you are doing the bulk of your Christmas shopping online, according to Experian:

1. It’s best to use websites that you know and trust. Always look for a security padlock icon in the top left hand corner of a page before you register financial or personal information on a website. And if an online deal you find, or have been emailed, sounds too good to be true, it quite probably is.

2. Use strong passwords, especially if you have stored payment details, and it’s a good idea to change them every now and then. If possible, install the latest anti-virus and firewall software. If you’re out and about, make sure you can’t be overlooked when you make a mobile payment – be especially careful around wi-fi, even at home.

3. Keep an eye on your bank and credit card account balances. Your credit report can also show you if there are any irregularities, such as suspect applications for credit and rises in card balances. As a CreditExpert member you can get unlimited views of your Experian Credit Report and alerts to credit activity in your name so you can spot potentially fraudulent activity.

4. Buying on credit can give you protection. If you buy goods or services on your credit card, you have extra protection if things go wrong (clothes don’t fit, unwanted gifts etc.) compared with paying by cash or even debit card, under section 75 of the Consumer Credit Act.


Monday, December 1, 2014

Corliss Tech Review Group: Google Glass barely alive

Two years ago, Google hyped its Glass device as the greatest thing since sliced bread -- and for a moment, many of us believed it.

At its launch, there was much enthusiasm on the part of consumers and developers, but now people seem to be losing interest. (Whether that's because of the $1,500 price tag or the fact that you can't really find a place to buy it from remains unknown.)

While it may still sound supercool to geeks, Glass might not even reach the hands of the general public as developers are jumping off the bandwagon. Some of them have felt a lack of support from Google, especially since an official public launch date is yet to be set. When Glass became available for developers in 2012, 10,000 units were reportedly sold. Then last year, it became available to tech lovers and media people, but as of now, there's no news on when it would become commercially available.

"It's not a big enough platform to play on seriously," said Matthew Milan, the founder of Normative Design, who discontinued their Glass app, which was supposed to target fitness buffs.

According to Corliss Tech Review Group, out of more than a dozen Glass app developers, 9 have already put their efforts on hold owing to the limitations of the gadget and a perceived lack of customers. Meanwhile, 3 of them have instead switched their focus to developing software for businesses.

"If there was 200 million Google Glasses sold, it would be a different perspective. There's no market at this point," said Tom Frencel, CEO of a game developer firm that held back its efforts to make a Glass game.

What's more, in the past 6 months, a number of Google employees responsible for Glass development have reportedly left. Also, the Glass Collective, a funding consortium by Google Ventures, has invested in only 3 startups this year and has taken down its website without notice. A spokesperson from Google Ventures said that the reason for the website closure is for entrepreneurs to come to them directly.

Google insists it's still committed to developing Glass. Chris O'Neill, its head of business ops, said, "We are completely energized as ever about the opportunity that wearable and Glass in particular represent. We are as committed as ever to a consumer launch. That is going to take time and we are not going to launch this product until it's absolutely ready."

The formerly proud "Explorers" who go around the streets touting their Glass devices are now getting flak for being "Glassholes". After all, no one really wants such an evident threat to privacy hanging around in obvious, or obscure, places. In fact, someone from Google himself admitted that Glass is a perfect example of privacy issues concerning wearable devices.

Experts from Corliss Tech Review Group have already predicted that it's a tall order for Glass to be a mass-market gadget. It's more likely to go down the road of the Segway: a supposedly cool invention that ended up being used only in professional and industrial settings.