Authentic8 Blog Author: A8 Team

Interview: Pitfalls of BSA/AML Research on the Web


The pressure on financial services organizations of all sizes to comply with federal Bank Secrecy Act (BSA) and Anti-Money Laundering (AML) regulations is steadily increasing. Banks and investment firms are facing stiff regulatory fines, civil penalties, and industry disbarment for compliance violations.

Industry observers point out that many cases resulting in enforcement action follow a common pattern. Often, the entities found in violation neglected to file Suspicious Activity Reports (SARs) about suspicious transactions.

Then, to make matters worse, during a subsequent investigation they also “failed to promptly produce certain documents” as requested by investigators (PDF).

Online Research as BSA/AML Compliance Bottleneck

Research indicates a direct correlation between the failure of affected financial institutions to sufficiently investigate, report and document suspicious transactions and the lack of a compliance-friendly, compliance-ready browsing environment at the disposal of their BSA/AML specialists. Check out the Authentic8 white paper Secure AML Research: Cracking the Efficiency Code (PDF) on this problem and how financial firms are

Silo vs. Chrome Study “Kind of Eye-Opening”


Silo beats Google Chrome as the most secure browser for the enterprise, researchers at Georgetown University found. For our podcast “The Silo Sessions”, Authentic8 Co-founder and CEO Scott Petry spoke with Paul Brigner, Managing Director of the Security and Software Engineering Research Center (S2ERC) at Georgetown University, about the study and its findings.

This transcript has been edited for readability.

*

Scott Petry: Paul, we are going to spend some time talking about your latest research study, so why don't you introduce yourself and give a little background?

Paul Brigner: Thank you very much, it's good to be talking to you about our research at Georgetown University. S2ERC is a partially funded National Science Foundation Research Center, and all of our research is done in conjunction with industry. There’s a specific program at the NSF called the Industry-University Collaborative Research Program, and we are one of those centers.

Scott Petry: And we, Authentic8, are an industry affiliate. We worked with you and

Inside GDPR: What Does It Mean for U.S.-based Companies?


For our podcast “The Silo Sessions”, Authentic8 CEO Scott Petry spoke with Steve Durbin (Information Security Forum) about the ramifications of the European Union’s General Data Protection Regulation (GDPR) for U.S. organizations.

This podcast transcript has been edited for readability.

*

Scott Petry: I'm joined by a colleague in the information security space, Steve Durbin. Steve, I'll leave it to you to introduce yourself.

Steve Durbin: Hi Scott, thanks very much for having me on. I'm the Managing Director of the Information Security Forum. The ISF is headquartered in London, we’re a not-for-profit organization and we work with many of the world's leading organizations on issues of information security risk management and increasingly, of course, the subject of today's session: what all of that means from a General Data Protection Regulation standpoint.

The GDPR is coming into effect in May of this year.

Scott Petry: Yes, sooner than people expect, I think - although we've had a couple of years

Risk Management and Employee Cybersecurity


Risk management will be a central topic at the 3rd annual ALM cyberSecure conference in New York City this year.

The cross-industry gathering of thought leaders on December 4-5 aims to facilitate a holistic approach to data security, risk management and data governance.

Influential business leaders from the cybersecurity industry and high-ranking law enforcement officials will be convening with corporate risk management, compliance and law department leaders at the conference, which features speakers from numerous Fortune 100 companies.

Authentic8 Co-Founder and CEO Scott Petry will moderate a discussion panel on “Revamping Employee Cybersecurity Policies and Training to Mitigate Legal Risks” on December 4th.

Scott Petry will be joined on stage by Daniel Pepper, Vice President and Deputy General Counsel at Comcast; Adam Rubin, General Counsel of PrizeLogic; and Allen Brandt, Executive Director, Associate General Counsel and Chief Privacy Officer at the Depository Trust & Clearing Corporation.

Balancing IT security, data protection and privacy

Balancing IT security and data protection with the needs

New OpenSSL vulnerability to be disclosed this week

2015-07-06_OpenSSL


The OpenSSL Project announced that a new “high” severity vulnerability will be disclosed on Thursday, July 9. Full details of the vulnerability have not been released publicly, in line with standard zero-day procedures, but organizations should be prepared to take immediate action for a vulnerability of this severity.

OpenSSL is used to secure the connection between the Silo client app and the user's virtual browser running in our secure container.

Authentic8 patches OpenSSL vulnerabilities as soon as they are disclosed, and all users benefit immediately. We also employ outside firms to test our service regularly for vulnerabilities. Examples of vulnerabilities in critical infrastructure (such as OpenSSL and Bash) that have been addressed for customers include: Heartbleed, FREAK, POODLE, and Shellshock.

We will announce our response and any potential user impact when the vulnerability is fully disclosed on Thursday.