Expert(s):
Director, Global Regulations & Standardsfeature_status*/ ?>
OneSpan

Comments Dotted : 3
December 09, 2020

Cyber Security Predictions 2021: Experts’ Responses
Digital identities and remote account openings will gain traction worldwide.
Digital identities and remote account openings will gain traction worldwide: Regulators in Hong Kong, Pakistan, Greece, Macedonia, Mexico, and Turkey approved remote bank account openings in 2020 – a clear indicator that even processes rooted in traditional face-to-face meetings in the branch are now going digital and touchless around the globe.
April 01, 2020

Industry Leaders And Cybersecurity Experts Insight On Marriott International Data Breach
In 2019 Marriott is expected report about $3.8 billion (USD) in global turnover (revenues).
For Marriott International this breach probably couldn’t have come at a worse time as the near shutdown of the global travel and hospitality industries have adversely Marriott’s revenue projections. While Marriott felt the pain of a £99m GDPR fine for the Starwood breach, as a two-time offender with incidents relatively close apart, the regulators may come down hard on Marriott. If deemed a severe violation, under GDPR, companies can be fined up to 4% of global turnover of the preceding.....Read More
For Marriott International this breach probably couldn’t have come at a worse time as the near shutdown of the global travel and hospitality industries have adversely Marriott’s revenue projections. While Marriott felt the pain of a £99m GDPR fine for the Starwood breach, as a two-time offender with incidents relatively close apart, the regulators may come down hard on Marriott. If deemed a severe violation, under GDPR, companies can be fined up to 4% of global turnover of the preceding fiscal year, whichever is higher. In 2019 Marriott is expected report about $3.8 billion (USD) in global turnover (revenues). 4% would be about $152 million. Less severe violations could be subject to a fine of 2% of global turnover of the preceding fiscal year would be $76 million. The details of who was impacted by the breach have not been made public and it remains to be seen It remains to be seen if fines are levied against Marriott. If there is one silver lining to the breach, it occurred ahead of enforcement of two well-publicized data privacy and data protection laws, the California Consumer Privacy Act (CCPA) and Brazil’s General Data Protection Law (Lei Geral de Proteção de Dados Pessoais) or “LGPD”. Enforcement of the CCPA begins July 1, 2020 while the LGPD takes effect August 16, 2020. Both shall carry stiff penalties and fines which Marriott has avoided.  Read Less
August 01, 2019

Capital One Suffers Data Breach Affecting 100 Million Customers
The good news is the perpetrator was identified and arrested.
The Capital One breach is a classic example of the “insider threat” which has been present since the first merchant hung a shingle and sold goods and is certainly not limited to the digital age. The insider threat is not limited to employees and extends to third party providers as Capital One fell victim to. The third-party provider threat is a concern for CISO’s and regulators alike, which is why the New York Department of Financial Services’ Cybersecurity Requirements for.....Read More
The Capital One breach is a classic example of the “insider threat” which has been present since the first merchant hung a shingle and sold goods and is certainly not limited to the digital age. The insider threat is not limited to employees and extends to third party providers as Capital One fell victim to. The third-party provider threat is a concern for CISO’s and regulators alike, which is why the New York Department of Financial Services’ Cybersecurity Requirements for Financial Services Companies (23 NYCRR 500) include specific requirements regarding third-party service providers. Under the regulation, banks and financial services providers must secure their own systems as well as implement third-party risk management programs. Coincidentally the regulation’s applicability for third-party service providers just went into effect in March of this year. According to the regulation, section 500.11, “The organization must document written procedures and policies to ensure third-party risk management programs protect information systems and non-public information.” Additionally, policies and procedures pertaining to third-party service providers are required to include relevant guidelines for due diligence as well as contractual protections, addressing: Access controls, including multi factor authentication; Encryption; Notifications to be provided to the primary organization in response to a cybersecurity event; Representations and warranties for a third party’s cybersecurity policies and procedures. The good news is the perpetrator was identified and arrested, however it remains to be seen the severity of penalties Capital One will incur from federal and state regulators. Although, Capital One is headquartered in Virginia it is licensed to conduct business in New York with branches in the state.  Read Less