David Reedy, Managing Member
CyberRisk Management, LLC
Who is subject to GLBA Compliance?
Many are under the perception that the Gramm-Leach Bliley Act (GLBA) affects only banks. However there are many other organizations involved in providing financial activities that are also subject to these regulations; thereby impacting their security posture.
Which security protocol have most community banks failed to implement, despite several years of FDIC recommendations in audit reports? Event Log Monitoring!
Event log monitoring is an important security management practice, but adherence to this practice is largely unmet by many local and regional banks. Many FDIC auditors recommendations include a daily review of all security events and retention of event logs for 12 months with reporting capabilities, in case needed for forensic review at a later date.
Cyber threats and the need for enhanced security management is a recurring theme in today’s news headlines. In previous decades, security in most organizations was primarily a technical discussion relating to firewalls and anti-virus controls. However in the last ten years, security has evolved into much more of a risk management issue.
Ransomware dominates the headlines in IT security publications due to the continued success cybercriminals are enjoying with it. Ransomware is probably the bluntest sort of malicious software you, or your organization, are likely to experience.
How much Ransomware risk can you tolerate?
Ask an executive at most small businesses about cybersecurity, and the rest of the conversation is predictable. The first question they’ll ask is, “Should we worry about being a target?” The answer is a resounding YES—but it’s really not the question business leaders need to be asking.
The more appropriate question is,“What is our risk?”
Protecting confidential data is a difficult task, and one that shouldn’t be taken lightly. The consequences for security failures can range from lost competitive advantage, due to the exposure of intellectual property, to reputational damage, due to the loss of clients’ sensitive information, to ultimately fines and/or severe legal judgments.