Request a Demo
Cygilant Blog

3 Security Tools to Protect Your Financial Data

Posted by Vijay Basani on Feb 16, 2016

 

With big hacks making headlines seemingly every week, users and businesses alike understand the need to protect their financial data from digital compromises. Here are three online tools that can help safeguard sensitive financial information.

HTTPS Everywhere

There are two categories of web traffic, and only one is safe for financial data. The first and most common type is information traveling over HTTP (HyperText Transfer Protocol), which is the backbone of the web. Data sent via HTTP is not encrypted—it can be read by anyone who intercepts it, such as the staff at a user's ISP. The other type of web traffic is information moving over HTTPS, which stands for HTTP Secure. Unlike information transmitted via HTTP, this data is encrypted, which makes it safer to send financial details. When users sign into their bank accounts, for example, browsers default to HTTPS and display a padlock to indicate an encrypted connection.

Experian Data Breach Angers T-Mobile Customers

Posted by Security Steve on Nov 6, 2015

Experian, one of the big three credit reporting agencies in the US, revealed earlier this month that it had been the victim of a data breach. Experian’s consumer units were left untouched, but the business unit that mobile service carrier T-Mobile used to store customer data was breached. The data breach affected T-Mobile customers who sent applications in to T-Mobile from September 1, 2013 to September 16, 2015. About 15 million customers in the US had their data exposed due to this breach.

The Experian/T-Mobile Breach: Is It Possible To Predict Big Hacks?

Posted by Vijay Basani on Oct 28, 2015

The recent Experian/T-Mobile hack is the latest reminder that breaches are a serious issue for businesses. Naturally the news has many business owners asking if they can predict whether they are at risk of a digital intrusion. A look at what might have happened in the Experian/T-Mobile case answers the question.

Law Enforcement Discovers Scottrade Breach

Posted by Security Steve on Oct 15, 2015

Usually when organizations suffer a data breach, the internal IT and security department notices, and then they inform law enforcement officials. Surprisingly, in Scottrade’s case, the company only learned of a security breach that occurred on their networks because law enforcement officials told them. The investment brokerage company announced last week that it had suffered a security breach back in 2013. Scottrade said the breach occurred in late 2013 and continued for several months until 2014. The breach has affected nearly 4.6 million of Scottrade’s customers. Customers who had a Scottrade account before February 2014 will be notified of the security breach, and will be warned that their information might have been accessed by unauthorized users.

Are You Prepared for the FFIEC Examinations?

Posted by Trevan Marden on Oct 5, 2015

We’ve been having a lot of conversations recently with banks and financial organizations about not only meeting GLBA and PCI-DSS requirements, but also making sure they are prepared for the FFIEC examinations. On the heels of the release of the FFIEC Cybersecurity Assessment Tool this summer, financial organizations are recognizing shortcomings and gaps with their current security processes and systems and looking for ways to correct the issues within constraints of limited budgets, time, and other resources.

What the Second Round of OCIE Examinations Means for You

Posted by Trevan Marden on Sep 29, 2015

Financial services firms represent a huge target for cyber criminals. However, many firms have historically struggled with identifying and guarding against potential security risks while meeting regulatory compliance requirements. In 2014, the Securities and Exchange Commission (SEC) Office of Compliance Inspections and Examinations (OCIE) announced a series of examinations looking at cybersecurity risks and preparedness of the securities industry to better understand how firms were handling security, and published its preliminary findings in February of 2015. Continuing that work, the office announced in September of 2015 that it would continue its emphasis on cybersecurity compliance by conducting a second round of examinations focusing on assessment of firms’ procedures and controls. The office seeks to better understand how financial services firms are currently protecting against cyber attacks and make recommendations for better practices.

International Hackers Steal $1 Billion from over 100 Banks

Posted by Vijay Basani on Feb 25, 2015


A cybercriminal ring has hacked into financial institutions across the world and is suspected to have stolen $1 billion. The cybercriminals breached over 100 banks in 30 different companies on six different continents. Although the actual banks that were targeted are not yet known, banks in the US, China, Australia, Russia, Brazil, Morocco, and the UK were among the targets. With over 300 IP addresses breached, this might be the biggest banking cyber heist. The hackers have not yet been identified, but it is known that they are looking to target more banks in the Middle East and the Baltic countries. The hackers are suspected to have been active since 2013. 

State Banks Increasing Cyber Security Regulations

Posted by Vijay Basani on Dec 29, 2014


The New York Department of financial services plans to increase their cyber security oversight on state-chartered banks. Director Benjamin Lawsky says that New York banks will have to pass a more difficult cyber security examination that will be more precise than the cyber security exams conducted on federal banks.

Financial Consequences of Sony’s Data Breach

Posted by Vijay Basani on Dec 17, 2014


Last week, cyber criminals called the Guardians of Peace hacked into Sony Pictures Entertainment and released troves of confidential data.  

Cybersecurity Breaches for Financial Institutions – the Pain Continues….

Posted by Security Steve on Nov 3, 2014

“Theft of information assets, disruption of services and wrongful disclosure are believed to be the most serious cyber security threats to an organization’s information assets. The most serious consequences from a cyber attack or intrusion are the loss of intellectual property, productivity decline and lost revenue." - Ponemon Institute, 2013(1)

Subscribe to Email Updates

Experience how Cygilant SOCVue and 24x7 GSOC Team can help detect threats, prioritize vulnerabilities and apply patches.

Request a Demo

Most Recent Posts

Posts by Topic

See All