Security news aggregator

Latest coverage for Finance

Stay secure in the finance sector. Explore the latest in financial cyber security news, trends, and best practices to protect valuable assets and data.

12 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Finance covers the institutions, markets, and services that move, store, lend, invest, and insure money. Its distinctive assets include customer identities, account balances, payment instructions, trading positions, claims, and confidential business data. Operations depend on core banking and ledger systems, payment networks, market-data feeds, identity services, and external processors or cloud providers. Integrity and availability are especially important: an unauthorized change to beneficiary or settlement data can cause direct loss, while an outage can interrupt payments or trading and complicate time-sensitive reconciliation.

Security work therefore focuses on online banking and trading interfaces, APIs, privileged access, credentials, and third-party connections. Useful controls include phishing-resistant multi-factor authentication, least privilege, transaction signing or approval separation, encryption, tamper-evident logging, and anomaly monitoring. Privacy protections apply to personal and financial information; PCI DSS is relevant where payment-card data is handled, alongside jurisdiction-specific financial rules. Vulnerability management should prioritize internet-facing and legacy systems, while incident response needs capabilities to contain fraudulent transactions, preserve evidence, reconcile ledgers, and restore trusted service through tested backups or failover.

Showing 12 most recent headlines Filtered view
Bank Info Security 1 year, 8 months ago

ISMG Summit Highlights Growing Third-Party Vendor Threats

Financial Services Experts Call for Stronger Focus on Third-Party Risk ManagementFinancial services leaders and cybersecurity experts said at Information Security Media Group’s 2024 Financial Services Summit that third-party vendor security risks required the need for proactive, multi-layered security frameworks to combat the growing threat landscape.

Also: Ransomware Hackers Demand BaguettesThis week, Chinese spying, Italian hacking scandal, an FBI warning and Okta fixed a bug. Google mandated MFA, zero days in PTZOptics and a Mexican airport didn't pay ransom. Cybercriminals demanded baguettes, breach lettersin Ohio and Germany will shield white hats. The Italian DPA rebuked a bank.

Bank Info Security 1 year, 8 months ago

Assessing Banking Product Risks to Improve KYC Programs

Trapets CEO Gabriella Bussien on Why Banks Need to Fine-Tune, Automate KYC ProcessesKYC protocols traditionally focus on account-level verification, but examining KYC at the product level can help banks assess risk more accurately. Asking targeted questions based on product risk enables institutions to detect potential financial crimes, said Gabriella Bussien, CEO of Trapets.

Bank Info Security 1 year, 8 months ago

Could New Cyber Regs Be in the Future for Clinicians?

Medicare 2025 Pay Rule for Physicians Hints of Possible New Cyber ExpectationsFederal regulators are again signaling that stronger cybersecurity practices could be tied to financial incentives for doctor offices that participate in Medicare. The regulatory lever may be the Centers for Medicare and Medicaid Services Merit-based Incentive Payment System.

Nov. 7 Summit to Confront the Next Generation of Financial Cyber RisksISMG’s 2024 Financial Services Cybersecurity Summit kicks off Thursday in New York City, bringing together industry leaders and cyber experts to explore critical defense strategies, including digital identity protection, SecOps transformation and realistic threat simulations.

Bank Info Security 1 year, 8 months ago

UK Banks Urged to Gird for CrowdStrike-Like Outage

Regulator Tells Regulators to Enhance Third-Party Service SecurityBritish financial institutions must ensure by this spring that they could reasonably weather a third party tech outage on the scale of July's global meltdown of 8.5 million computers triggered by a faulty update from cybersecurity firm CrowdStrike.