Tag: regulation

The Security Gap JPMorgan Chase’s CISO Didn’t Mention”Š”, “ŠAnd Why It’s in Your Browser

May 13, 2025 10:38 PM

Tags: access, adobe, api, apple, attack, browser, business, chrome, ciso, cloud, compliance, conference, control, credentials, crypto, cyber, data, detection, dora, endpoint, exploit, finance, gartner, google, grc, identity, infrastructure, microsoft, monitoring, nis-2, open-source, password, phishing, ransomware, regulation, resilience, risk, risk-assessment, saas, sbom, software, technology, theft, threat, tool, unauthorized, update, vulnerability

The Security Gap JPMorgan Chase’s CISO Didn’t Mention”Š”, “ŠAnd Why It’s in Your Browser When the CISO of JPMorgan Chase issues a public letter to all technology vendors, the industry pays attention”Š”, “Šand rightfully so. In his open letter, Rohan Amin lays out a firm, urgent call: prioritize secure-by-design practices, patch faster, and take full accountability…
Phishing-Resistant MFA: Why FIDO is Essential

May 8, 2025 11:11 AM

Tags: access, ai, attack, authentication, breach, business, cloud, compliance, credentials, cryptography, cybersecurity, data, data-breach, defense, dora, encryption, exploit, fido, framework, GDPR, Hardware, iam, identity, ISO-27001, malicious, mfa, mobile, network, nist, passkey, password, phishing, phone, ransomware, regulation, risk, service, social-engineering, software, strategy, tactics, technology, theft, threat, tool, unauthorized

Phishing-Resistant MFA: Why FIDO is Essential madhav Thu, 05/08/2025 – 04:47 Phishing attacks are one of the most pervasive and insidious threats, with businesses facing increasingly sophisticated and convincing attacks that exploit human error. Traditional Multi-Factor Authentication (MFA), while a step up from password-only security, is no longer enough to fight modern phishing schemes. Today’s…
Opening Up Open Banking: The CFPB’s Personal Financial Data Rights Rule

May 7, 2025 10:50 AM

Tags: access, automation, banking, compliance, container, control, credit-card, data, finance, identity, monitoring, privacy, regulation, service, software, switch, tool

Opening Up Open Banking: The CFPB’s Personal Financial Data Rights Rule andrew.gertz@t“¦ Tue, 05/06/2025 – 18:23 Explore the impact of the CFPB’s new Personal Financial Data Rights rule and how it aims to empower consumers, drive competition, and reshape open banking in the U.S. Ammar Faheem – Director Product Marketing (CIAM) More About This Author…
TikTok Hit with Euro530 Million Fine Over Data Transfers to China

May 6, 2025 11:50 AM

Tags: china, cyber, data, governance, regulation, technology

Irish Data Protection Commission (DPC) has imposed a landmark Euro530 million fine on TikTok Technology Limited for illegally transferring European Economic Area (EEA) user data to China and failing to meet transparency obligations under the General Data Protection Regulation (GDPR). The decision, finalized on May 5, 2025, follows a multi-year inquiry into TikTok’s data governance…
Backup Roles Key to Cyber Resilience Success

May 5, 2025 8:49 AM

Tags: backup, ceo, cyber, cybersecurity, dora, framework, regulation, resilience

Mickey Bresman Discusses Gaps in Preparedness and Tabletop Execution. Security leaders are placing more focus on cyber resilience as regulations tighten worldwide. Mickey Bresman, CEO at Semperis, said frameworks such as the SEC’s cybersecurity disclosure rule and Europe’s DORA regulation are forcing organizations to build and test disaster recovery plans. First seen on govinfosecurity.com Jump…
TikTok Slammed With Euro530 Million GDPR Fine for Sending E.U. Data to China

May 2, 2025 2:50 PM

Tags: china, data, GDPR, regulation

Ireland’s Data Protection Commission (DPC) on Tuesday fined popular video-sharing platform TikTok Euro530 million ($601 million) for infringing data protection regulations in the region by transferring European users’ data to China.”TikTok infringed the GDPR regarding its transfers of EEA [European Economic Area] User Data to China and its transparency requirements,” the DPC said in a…
2025 The International Year of Quantum Science and Technology

Apr 29, 2025 2:52 PM

Tags: access, attack, cloud, compliance, computer, conference, crypto, cryptography, cybersecurity, data, encryption, finance, government, group, Hardware, infrastructure, international, lessons-learned, network, nist, regulation, risk, risk-assessment, software, strategy, technology, tool

2025 The International Year of Quantum Science and Technology divya Tue, 04/29/2025 – 07:48 It is no surprise that the United Nations declared 2025 as the International Year of Quantum Science and Technology (IYQ). Not only does it mark the 100-year point since quantum physics were discovered, but for those who have been following, the…
RSA Conference 2025, News and analysis

Apr 28, 2025 7:51 PM

Tags: ai, automation, conference, cybercrime, cybersecurity, data, defense, detection, edr, identity, ransomware, regulation, tactics, threat, zero-trust

AI in cybersecurity (both as a threat and a defense)Cloud security challenges and solutionsThe latest ransomware tactics and how to defend against themPrivacy regulations and data protectionEmerging threats like quantum computingKeep an eye out for emerging trends that will be highlighted at the conference. This year, expect a strong focus on topics such as XDR…
AI tests limits of data privacy regulation

Apr 28, 2025 2:51 PM

Tags: ai, ceo, data, openai, privacy, regulation

OpenAI CEO Sam Altman spoke about where data privacy guardrails are needed and where there might be room to rework privacy approaches. First seen on techtarget.com Jump to article: www.techtarget.com/searchcio/news/366623178/AI-tests-limits-of-data-privacy-regulation
GDPR Data Breach Notification Template With Examples [Download]

Apr 27, 2025 1:51 PM

Tags: breach, data, data-breach, GDPR, law, regulation

The GDPR is a law developed by the European Union (EU) to protect individuals’ personal data. Although it originated in the EU, several countries and organisations outside Europe have to date also adopted this regulation, which shows how detailed and well-thought-out it is. Among many of the GDPR’s guidelines, the data breach notification letter is……
Building A Strong Compliance Framework: A CISO’s Guide To Meeting Regulatory Requirements

Apr 27, 2025 11:51 AM

Tags: ciso, compliance, cyber, data, framework, guide, insurance, regulation

In the current digital landscape, Chief Information Security Officers (CISOs) are under mounting pressure to ensure their organizations meet a growing array of regulatory requirements while maintaining robust cybersecurity. The proliferation of regulations such as the General Data Protection Regulation (GDPR), Health Insurance Portability and Accountability Act (HIPAA), and Payment Card Industry Data Security Standard…
Compliance And Governance: What Every CISO Needs To Know About Data Protection Regulations

Apr 26, 2025 1:51 PM

Tags: ciso, compliance, cyber, cybersecurity, data, governance, regulation, risk

The cybersecurity landscape has changed dramatically in recent years, largely due to the introduction of comprehensive data protection regulations across the globe. Chief Information Security Officers (CISOs) now find themselves at the intersection of technical security, regulatory compliance, and organizational risk management. Their responsibilities have expanded far beyond traditional security operations, requiring them to interpret…
6 types of risk every organization must manage, and 4 strategies for doing it

Apr 25, 2025 11:50 AM

Tags: ai, attack, backup, best-practice, breach, business, compliance, control, cyber, cybersecurity, data, finance, framework, fraud, GDPR, governance, government, grc, hacker, healthcare, infrastructure, insurance, intelligence, law, mitigation, office, phishing, ransom, ransomware, regulation, risk, risk-assessment, risk-management, service, startup, strategy, technology, threat, training, vulnerability

Cybersecurity risks Threats such as data breaches, phishing attacks, system intrusions, and broader digital vulnerabilities fall under the umbrella of security risks. The definition of cybersecurity risk is constantly evolving, now encompassing threats related to artificial intelligence and AI-driven systems.If you’re trying to mitigate risks in this area, you need to think not just about…
If Boards Don’t Fix OT Security, Regulators Will

Apr 18, 2025 4:28 PM

Tags: breach, corporate, government, regulation, technology

Around the world, governments are setting higher-bar regulations with clear corporate accountability for breaches on the belief organizations won’t drive up security maturity for operational technology unless they’re made to. First seen on darkreading.com Jump to article: www.darkreading.com/ics-ot-security/boards-fix-ot-security-regulators
CISOs no closer to containing shadow AI’s skyrocketing data risks

Apr 17, 2025 10:28 AM

Tags: access, ai, authentication, awareness, best-practice, breach, business, ceo, chatgpt, ciso, compliance, computer, control, cybersecurity, data, data-breach, detection, finance, framework, github, google, governance, group, jobs, law, leak, LLM, mitigation, monitoring, privacy, RedTeam, regulation, risk, risk-management, service, software, technology, theft, tool, training, unauthorized, vulnerability

While most organizations (90%) offer sanctioned generative AI apps and even more (98%) offer their users apps that incorporate gen AI features, unauthorized use of AI services is skyrocketing in business, according to a study by Netskope.Most gen AI use in the enterprise (72%) is shadow IT, driven by individuals using personal accounts to access…
Whistleblower alleges Russian IP address attempted access to US agency’s systems via DOGE-created accounts

Apr 17, 2025 5:28 AM

Tags: access, breach, cybersecurity, government, regulation, russia

Legal battle: As it stands, the allegations are being made by one individual, and the evidence behind them has yet to be examined independently.In a statement to NPR, an NLRB representative said that while Berulis had raised concerns within the agency, an investigation had “determined that no breach of agency systems occurred.”That said, it won’t…
Best Crypto Tax Software in 2025: A Comprehensive Guide

Apr 16, 2025 5:28 AM

Tags: crypto, guide, law, regulation, software

Keeping up with crypto tax laws in Europe feels like a constant hurdle. Regulations evolve, tax authorities demand… First seen on hackread.com Jump to article: hackread.com/best-crypto-tax-software-in-2025-a-comprehensive-guide/
Introducing Wyo Support ADAMnetworks LTP

Apr 16, 2025 12:28 AM

Tags: attack, best-practice, business, compliance, cyber, cybersecurity, data, email, endpoint, finance, GDPR, government, guide, healthcare, infrastructure, insurance, law, linkedin, PCI, phishing, radius, ransomware, regulation, service, skills, strategy, technology, threat, tool, training, update, zero-trust

ADAMnetworks is excited to announce Wyo Support to the family of Licensed Technology Partners. “After working with the various systems and technologies, there are few that compare with the protection that ADAMnetworks provides. It reduces the attack surface from the broad side of a barn down to the size of a keyhole. No other technology…
Bridewell research finds UK Financial Services under pressure from cyber security challenges and mounting regulatory requirements

Apr 15, 2025 2:28 PM

Tags: compliance, cyber, finance, ransomware, regulation, service, threat

Research from Bridewell, a leading UK-based cyber security services provider, has found compliance with regulation as the chief challenge, as well as the main stimulus, for increasing cyber security maturity in the financial services sector. The study, entitled Cyber Security in Financial Services: 2025, also shows that response times to cyber threats like ransomware are…
Top Four Considerations for Zero Trust in Critical Infrastructure

Apr 15, 2025 11:28 AM

Tags: access, ai, attack, authentication, automation, best-practice, breach, business, cctv, ceo, cloud, communications, compliance, corporate, cyber, cybersecurity, data, defense, email, encryption, exploit, finance, group, hacker, healthcare, identity, infrastructure, iot, law, malicious, mfa, nis-2, privacy, regulation, risk, saas, service, software, strategy, threat, tool, vulnerability, zero-trust

Top Four Considerations for Zero Trust in Critical Infrastructure madhav Tue, 04/15/2025 – 06:43 TL;DR Increased efficiency = increased risk. Critical infrastructure organizations are using nearly 100 SaaS apps on average and 60% of their most sensitive data is stored in the cloud. Threat actors aren’t naive to this, leading to a whopping 93% of…
EU’s GDPR Article 7 Poses New Challenges for Businesses To Secure AI-Generated Image Data

Apr 14, 2025 4:33 PM

Tags: ai, compliance, cyber, data, GDPR, intelligence, privacy, regulation

As businesses worldwide embrace digital transformation, the European Union’s General Data Protection Regulation (GDPR), enacted in 2018, remains a cornerstone of data privacy and security. A recent safety report highlighting the rapid advancement of artificial intelligence (AI) has renewed focus on GDPR compliance, particularly Article 7, which governs consent requirements for handling personal data, including…
Adaptive MFA: The Future of Dynamic Identity Security in 2025

Apr 14, 2025 11:33 AM

Tags: cyber, identity, intelligence, mfa, regulation, threat

Adaptive MFA is no longer optional”, it’s a strategic imperative. By blending contextual intelligence with user-centric design, businesses can thwart cyber threats, comply with regulations, and foster trust in an increasingly digital world. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/04/adaptive-mfa-the-future-of-dynamic-identity-security-in-2025/
Cyberangriff auf eine Assetmanagement-Gesellschaft in Indien

Apr 14, 2025 7:33 AM

Tags: cyberattack, regulation

Intimation under Regulation 30 of the SEBI First seen on nsearchives.nseindia.com Jump to article: nsearchives.nseindia.com/corporate/RNLAM_10042025233316_SE_Intimation.pdf
Why DEI is key for a cyber safe future

Apr 8, 2025 9:42 AM

Tags: access, ai, country, cyber, cyberattack, cybersecurity, data-breach, infrastructure, mitigation, regulation, risk, skills, technology, threat

grow a workforce and body of expertise, not shrink it.By illuminating career pathways or creating opportunities for those who have been historically overlooked, DEIB programs welcome people that may not have been exposed or traditionally have lacked access to the space. Across the US, Black practitioners make up only 8% of the total tech workforce.…
10 things you should include in your AI policy

Apr 8, 2025 8:42 AM

Tags: access, ai, best-practice, breach, business, ceo, ciso, compliance, cybersecurity, data, data-breach, finance, framework, gartner, GDPR, governance, incident response, insurance, law, monitoring, privacy, regulation, risk, software, strategy, switch, technology, tool, training, update

Input from all stakeholders: At Aflac, the security team took the initial lead on developing the company’s AI policy. But AI is not just a security concern. “And it’s not just a legal concern,” Ladner says. “It’s not just a privacy concern. It’s not just a compliance concern. You need to bring all the stakeholders…
Exploring the EU Cybersecurity Certification Scheme: A Guide to Common Criteria

Apr 7, 2025 2:42 PM

Tags: cybersecurity, framework, guide, regulation

What is the EU Cybersecurity Certification Scheme? The EU Cybersecurity Certification Scheme is designed to simplify and harmonize cybersecurity certifications across the EU. With varying national-level rules and regulations creating barriers to trade and inconsistencies in security standards, the framework provides EU-wide schemes that establish a single, trustworthy approach. How Does It Differ from Pre-existing……
Cybersecurity Snapshot: SANS Recommends Six Controls To Secure AI Systems, While NCSC Warns About Outdated API Security Methods

Apr 4, 2025 5:42 PM

Tags: access, advisory, ai, api, attack, authentication, best-practice, botnet, business, cisa, cloud, compliance, computer, control, credentials, cryptography, cyber, cyberattack, cybersecurity, data, detection, dns, endpoint, framework, governance, government, incident response, infrastructure, injection, intelligence, Internet, least-privilege, malicious, mitigation, monitoring, network, phishing, privacy, programming, regulation, resilience, risk, risk-management, sans, service, strategy, supply-chain, threat, training, unauthorized, update, zero-trust

Check out the security controls that SANS Institute says are essential for protecting your AI systems. Plus, the U.K. NCSC urges organizations to adopt newer API security techniques. In addition, CISA and other cyber agencies warn that attackers are using “fast flux” techniques to conceal their actions. And much more! Dive into five things that…
3 Ways the UK Government Plans to Tighten Cyber Security Rules with New Bill

Apr 2, 2025 8:56 PM

Tags: attack, country, cyber, government, infrastructure, ransomware, regulation, resilience, service, update

Amid a sharp spike in ransomware attacks disrupting essential services and critical infrastructure, the U.K. government has set out the scope of its upcoming Cyber Security and Resilience Bill for the first time. It aims to patch the holes in the country’s existing cyber regulations and protect critical infrastructure from ransomware and other attack types.…
UK sets out new cyber reporting requirements for critical infrastructure

Apr 1, 2025 5:55 PM

Tags: country, cyber, cybersecurity, government, infrastructure, law, regulation

The belated reworking of the country’s cybersecurity regulations comes three years after the previous government had prematurely described those laws as “updated” while failing to actually introduce the legislation. First seen on therecord.media Jump to article: therecord.media/uk-sets-out-cyber-reporting-requirements-critical-infrastructure
FDA’s Critical Role in Keeping Medical Devices Secure

Apr 1, 2025 5:55 PM

Tags: regulation, vulnerability

The FDA’s regulations and guidance aim to strike a balance between ensuring rigorous oversight and enabling manufacturers to act swiftly when vulnerabilities are discovered. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/fdas-critical-role-keeping-medical-devices-secure