NIST Cybersecurity Framework 2.0 was released this year - NIST

The US Government’s National Institute for Standards and Technology, known commonly as NIST, released its updated Cybersecurity framework in February. This was the first new version in 10 years, following the 1.0 version in 2014 that was primarily aimed at protecting US critical infrastructure. The new 2.0 version is international and aimed for broad consumption: drafted in collaboration with experts across 100 countries, it should also be easier to use. Version 2.0 also introduces a new category: Govern, recognising that the world has changed since 2014, with Cyber now an enterprise risk being discussed in the boardroom. ...

December 8, 2024 · 1 min · Graeme

Tech supplier concentration increases risk of downtime - Control Risks

Control Risks released their predictions for the top business risks for 2025, calling out Digital Concentration Risk as companies outsource their specialist IT services to external providers, such as cloud and security. “The concentration of risk in centralised technological ecosystems in a worsening threat landscape will be a top risk for organisations in 2025.” Global technology disruptions such as the July 2024 Crowdstrike outages shows how human error or system misconfigurations can create a correlated industry-wide impact to customer organisations. And as these companies pass control to external tech vendors, they may be losing the in-house skills needed to respond to future incidents and outages. ...

December 8, 2024 · 1 min · Graeme

The UK to introduce its own cyber law in 2025 - UK Gov

With the new UK Labour government, changes are expected in legislation and regulations for risk and resilience. The Cyber Security & Resilience Bill will be coming before Parliament in 2025, helping government ‘build a better picture’ of the cyber threat landscape. The Bill will [… expand] the remit of the existing regulation, putting regulators on a stronger footing, and increasing reporting requirements to build a better picture in government of cyber threats. ...

December 8, 2024 · 1 min · Graeme

The EU’s Digital Resilience Act - known as DORA - comes into effect next month - ESMA

Security Boulevard notes that firms have less than two months to comply with DORA. With the EU’s Digital Operational Resilience Act (DORA) coming into effect next month, financial services firms in the EU are updating processes, policies and provisions to comply with the new regulation. Meanwhile, PwC highlights in International Banker (PwC) the challenge of updating ICT contracts under DORA’s requirements. As part of TPRM, DORA stipulates that all ICT contracts must contain specific baseline contract terms. There are also more onerous additional requirements for contracts supporting critical or important functions (CIFs). ...

December 8, 2024 · 1 min · Graeme

The Bank of England publish a report on AI use in UK financial services - Bank of England

The Bank of England and the Financial Conduct Authority have released a report on Artificial intelligence, surveying participants in the UK financial services sector (report 2024-11-21 - 29 pages). The report highlights respondent’s views on the benefits and risks of AI, use cases including “data and analytical insights, anti-money laundering (AML) and combating fraud, and cybersecurity.” From the report: ...

December 8, 2024 · 1 min · Graeme