Tag: regulation
-
Privacy Roundup: Week 13 of Year 2025
Tags: access, ai, android, apple, application-security, breach, browser, cctv, chrome, cloud, cve, cybersecurity, data, detection, exploit, firmware, google, group, leak, linux, malware, microsoft, mobile, phishing, privacy, regulation, router, scam, service, software, technology, threat, tool, update, virus, vpn, vulnerability, zero-dayThis is a news item roundup of privacy or privacy-related news items for 23 MAR 2025 – 29 MAR 2025. Information and summaries provided here are as-is for warranty purposes. Note: You may see some traditional “security” content mixed-in here due to the close relationship between online privacy and cybersecurity – many things may overlap;…
-
Securing Canada’s Digital Backbone: Navigating API Compliance
Tags: api, attack, authentication, best-practice, breach, compliance, cyber, data, detection, encryption, flaw, framework, governance, government, infrastructure, monitoring, regulation, risk, service, strategy, threat, vulnerabilityHighlights: Understanding Canadian API Standards: Key principles for secure government API development. Critical Importance of API Security: Why robust protection is vital for citizen data. Compliance and Trust: How adherence to standards builds public confidence. Key Security Considerations: Essential practices for Canadian organizations. Salt Security’s Alignment: How the Salt API Security Platform supports Canadian government…
-
Legal impact on cybersecurity in 2025: new developments and challenges in the EU
Tags: 5G, authentication, compliance, corporate, cybersecurity, dora, finance, framework, fraud, identity, law, network, regulation, resilience, risk, service, strategy, technology, theftDORA Regulation: digital operational resilience in the financial sector: Regulation 2022/2554 (DORA) focuses on increasing the “Digital Operational Resilience” of financial institutions. Approved on 14 December 2022, DORA seeks to strengthen the security and robustness of financial sector entities’ information systems, with the aim of reducing technological risks and cyberthreats.As mentioned, DORA is applicable to…
-
Understanding RDAP: The Future of Domain Registration Data Access
Tags: access, api, attack, authentication, china, compliance, control, cyber, cybercrime, cybersecurity, data, detection, exploit, framework, fraud, GDPR, incident response, infrastructure, intelligence, Internet, law, malicious, malware, phishing, privacy, regulation, service, threat, tool, vulnerability -
CISOs are taking on ever more responsibilities and functional roles has it gone too far?
Tags: ai, business, cio, ciso, cloud, compliance, computing, control, corporate, cyber, cybersecurity, data, defense, framework, fraud, governance, healthcare, infosec, intelligence, international, Internet, jobs, law, mitigation, nist, privacy, regulation, resilience, risk, risk-management, service, skills, software, supply-chain, technology, threatth century alongside technology and internet-enabled threats, morphing to meet the demands of the moment. But the position hasn’t just matured; in many cases it has expanded, taking on additional domains.”The CISO role has expanded significantly over the years as companies realize that information security has a unique picture of what is going on across…
-
AI Regs: Compliance Risks and Hidden Liabilities for CISOs
Attorney Jonathan Armstrong on AI Security, Legal Risks Related to EU AI Act. AI regulation is evolving fast, and many businesses may already be violating key provisions without realizing it. Jonathan Armstrong, partner at Punter Southall Law, warns that companies may be using high-risk AI applications without security teams even knowing. First seen on govinfosecurity.com…
-
The State of Digital Trust in 2025 Consumers Still Shoulder the Responsibility
Tags: access, ai, authentication, banking, breach, captcha, cloud, compliance, control, cyber, data, deep-fake, encryption, finance, fintech, framework, GDPR, government, healthcare, identity, india, insurance, law, login, malicious, metric, mfa, mitigation, password, privacy, regulation, resilience, risk, service, software, strategy, switch, technology, threat, toolThe State of Digital Trust in 2025 – Consumers Still Shoulder the Responsibility madhav Thu, 03/20/2025 – 04:52 Trust remains the cornerstone of digital interactions, yet its foundations are increasingly fragile in an era of sophisticated cyber threats and evolving consumer expectations. The 2024 Digital Trust Index gave us extremely important insights into the expectations…
-
Why Continuous Compliance Monitoring Is Essential For IT Managed Service Providers
Regulatory compliance is no longer just a concern for large enterprises. Small and mid-sized businesses (SMBs) are increasingly subject to strict data protection and security regulations, such as HIPAA, PCI-DSS, CMMC, GDPR, and the FTC Safeguards Rule. However, many SMBs struggle to maintain compliance due to limited IT resources, evolving regulatory requirements, and complex security…
-
Google, OpenAI Push Urges Trump to Ease AI Export Controls
AI Giants Also Like ‘Fair Use’ Exemptions for Copyrighted Material. OpenAI and Google laid out visions for regulation in response to the Trump administration’s AI Action Plan, which aims to help the United States maintain technological lead over China. Both companies want Biden-era export controls lightened. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/google-openai-push-urges-trump-to-ease-ai-export-controls-a-27739
-
UK Cybersecurity Weekly News Roundup 16 March 2025
Tags: access, apple, attack, backdoor, backup, compliance, control, cyber, cyberattack, cybercrime, cybersecurity, data, encryption, finance, firewall, government, group, hacking, insurance, law, lockbit, malicious, network, office, privacy, ransomware, regulation, risk, russia, service, software, virusWelcome to this week’s edition of our cybersecurity news roundup, bringing you the latest developments and insights from the UK and beyond. UK Government’s Stance on Encryption Raises Global Concerns The UK government has ordered Apple to provide backdoor access to iCloud users’ encrypted backups under the Investigatory Powers Act of 2016. This secret order…
-
CIOs and CISOs take on NIS2: Key challenges, security opportunities
Tags: access, cio, ciso, compliance, cybersecurity, data, GDPR, group, healthcare, ISO-27001, jobs, monitoring, nis-2, office, organized, privacy, regulation, risk, skills, software, strategy, supply-chain, technology, trainingCompliance will be easier for some: There are CIOs and CISOs who have found NIS2 compliance relatively easy: those who have worked toward ISO/IEC 27001:2022 certification, whether they remained in the preparation phase or actually got certified.Those who have the certification report having found themselves with “80% of the work done”: the company is ready…
-
NYDFS Cybersecurity Regulation: Dates, Facts and Requirements
New York, the city that never sleeps, is also the city that takes cybersecurity very seriously. If you’re part of the financial services ecosystem here”, or interact with businesses regulated by the New York State Department of Financial Services”, you’ve likely come across the NYDFS Cybersecurity Regulation. What Is the NYDFS Cybersecurity Regulation? The New…
-
Breaking the Barriers to a Password-Free Life in Enterprise: Meet SafeNet eToken Fusion NFC PIV security key
Tags: access, authentication, cloud, compliance, control, credentials, data, defense, encryption, fido, framework, government, healthcare, identity, infrastructure, mobile, nfc, password, phishing, regulation, service, software, strategy, technology, windowsBreaking the Barriers to a Password-Free Life in Enterprise: Meet SafeNet eToken Fusion NFC PIV security key madhav Thu, 03/13/2025 – 06:46 As large organizations increasingly shift towards passwordless solutions, the benefits are clear: enhanced user experience, improved security, and significant cost savings. The FIDO (Fast Identity Online) standard has emerged as the gold standard…
-
Companies are drowning in high-risk software security debt, and the breach outlook is getting worse
Flaw prevalence: Leading organizations have flaws in fewer than 43% of applications, while lagging organizations exceed 86%.Fix capacity: Leaders resolve over 10% of flaws monthly, whereas laggards address less than 1%.Fix speed: Top performers remediate half of flaws in five weeks; lower-performing organizations take longer than a year.Security debt prevalence: Less than 17% of applications…
-
UK Cybersecurity Weekly News Roundup 9 March 2025
Tags: android, attack, backdoor, breach, china, cloud, compliance, computer, cyber, cyberattack, cybercrime, cybersecurity, data, espionage, exploit, government, group, hacker, infrastructure, international, malware, microsoft, network, ransomware, regulation, resilience, service, skills, software, theft, update, vulnerabilityWelcome to this week’s edition of our cybersecurity news roundup, bringing you the latest developments and insights from the UK and beyond. Microsoft Engineer’s Transition to Cybersecurity Ankit Masrani, a 36-year-old software engineer, successfully transitioned into a cybersecurity role at Microsoft. With a background in IT and a Master’s degree in computer science, Masrani secured…
-
MITRE EMB3D for OT & ICS Threat Modeling Takes Flight
Manufacturers and infrastructure providers are gaining options to satisfy regulations and boost cyber safety for embedded and industrial control systems, as EMB3D, STRIDE, and ATT&CK for ICS gain traction. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/mitre-emb3d-ot-ics-threat-modeling
-
Cybersecurity Snapshot: CSA Outlines Data Security Challenges and Best Practices, While ISACA Offers Tips To Retain IT Pros
Tags: advisory, ai, awareness, banking, best-practice, business, cloud, compliance, corporate, crime, crypto, cve, cyber, cybercrime, cybersecurity, data, defense, exploit, extortion, finance, fraud, governance, government, group, healthcare, infrastructure, iot, jobs, mail, malicious, microsoft, mitigation, monitoring, network, nis-2, privacy, qr, ransom, ransomware, regulation, resilience, risk, risk-assessment, risk-management, scam, service, strategy, technology, threat, tool, vmware, vulnerability, vulnerability-management, zero-dayCheck out best practices for shoring up data security and reducing cyber risk. Plus, get tips on how to improve job satisfaction among tech staff. Meanwhile, find out why Congress wants federal contractors to adopt vulnerability disclosure programs. And get the latest on cyber scams; zero-day vulnerabilities; and critical infrastructure security. Dive into six things…
-
Misconfigured access management systems expose global enterprises to security risks
Tags: access, attack, authentication, control, credentials, cyberattack, cybersecurity, data, data-breach, detection, finance, Internet, monitoring, network, regulation, risk, technology, update, vulnerabilityRegional and industry-wide exposure: The investigation found a disproportionate concentration of exposed AMS in Europe, with Italy emerging as a key hotspot, reporting 16,678 exposed systems. Mexico and Vietnam followed, with 5,940 and 5,035 systems exposed, respectively.The US recorded 1,966 vulnerable systems, while other technologically advanced nations such as Canada and Japan showed comparatively lower…
-
Key Takeaways from the CSA Understanding Data Security Risk Survey
Tags: access, ai, attack, automation, business, cloud, compliance, control, data, encryption, Hardware, intelligence, monitoring, network, regulation, risk, risk-management, software, strategy, switch, tool, update, vulnerabilityKey Takeaways from the CSA Understanding Data Security Risk Survey madhav Tue, 03/04/2025 – 04:32 As hybrid and multi-cloud environments become increasingly popular, identifying, prioritizing, and mitigating data security risks becomes increasingly complex. How can we tackle this complexity? By gaining insight into how organizations handle risk. That’s the goal of the latest Cloud Security…
-
Building cyber resilience in banking: Expert insights on strategy, risk, and regulation
In this Help Net Security interview, Matthew Darlage, CISO at Citizens, discusses key strategies for strengthening cyber resilience in banks. He underlines that adherence to … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/03/04/matthew-darlage-citizens-banks-cyber-resilience/
-
Privacy Roundup: Week 9 of Year 2025
Tags: access, android, apple, attack, backdoor, breach, browser, cctv, control, cyber, cybersecurity, data, data-breach, encryption, endpoint, exploit, firmware, flaw, government, group, hacker, Internet, jobs, law, leak, malware, office, password, phishing, privacy, regulation, router, scam, service, software, switch, technology, threat, tool, update, vpn, vulnerabilityThis is a news item roundup of privacy or privacy-related news items for 23 FEB 2025 – 1 MAR 2025. Information and summaries provided here are as-is for warranty purposes. Note: You may see some traditional “security” content mixed-in here due to the close relationship between online privacy and cybersecurity – many things may overlap;…
-
Why cyber attackers are targeting your solar energy systems, and how to stop them
Tags: access, attack, authentication, automation, awareness, backup, best-practice, china, communications, control, credentials, cyber, cybercrime, cybersecurity, data, detection, exploit, firmware, framework, group, infrastructure, iot, mfa, monitoring, network, password, penetration-testing, regulation, risk, russia, service, software, technology, threat, update, vulnerabilitySmart inverter vulnerabilities threaten the electric grid: The biggest risk occurs during high-demand times. If enough solar DERs suddenly go offline during a critical period, there might not be adequate alternative energy sources that can come online immediately, or the available alternatives are much more expensive to operate. Attackers can produce similar results merely by…
-
What is zero trust? The security model for a distributed and risky era
Tags: access, ai, authentication, best-practice, breach, business, ceo, cloud, compliance, computer, computing, control, corporate, credentials, cyberattack, data, detection, framework, government, guide, identity, infrastructure, intelligence, jobs, login, monitoring, network, nist, office, password, ransomware, regulation, risk, saas, service, technology, threat, tool, vpn, zero-trustHow zero trust works: To visualize how zero trust works, consider a simple case: a user accessing a shared web application. Under traditional security rules, if a user was on a corporate network, either because they were in the office or connected via a VPN, they could simply click the application and access it; because…