Tag: regulation
-
Clearinghouse Pays $250K Settlement in Web Exposure Breach
Inmediata Health Group Has Paid $2.7M in Fines, Civil Claims for 2019 HIPAA Breach. A breach that exposed the personal information of nearly 1.6 million patients of a Puerto Rico-based clearinghouse has led to a $250,000 financial settlement with federal regulators for multiple HIPAA violations. The 2019 leak has cost Inmediata Health $2.7 million in…
-
Financial Sector Turning to Multi-Vendor Cloud Strategies
Report: Financial Orgs Shift to Multi-Cloud to Address Cyber Threats and Regulation. Financial institutions are increasingly adopting multi-cloud strategies to mitigate rising cyber risks and comply with complex regulations, according to a new report. The move enhances flexibility and disaster recovery, though challenges remain, from implementation costs to a growing skills gap. First seen on…
-
Gen AI use cases rising rapidly for cybersecurity, but concerns remain
Tags: ai, attack, automation, awareness, ceo, ciso, compliance, control, cybersecurity, data, detection, finance, framework, fraud, GDPR, governance, grc, group, guide, Hardware, HIPAA, incident response, intelligence, international, malware, middle-east, monitoring, phishing, privacy, RedTeam, regulation, risk, risk-assessment, risk-management, soc, software, strategy, technology, threat, tool, training, usa
Generative AI is being embedded into security tools at a furious pace as CISOs adopt the technology internally to automate manual processes and improve productivity. But research also suggests this surge in gen AI adoption comes with a fair amount of trepidation among cybersecurity professionals, which CISOs must keep in mind when weaving gen AI…
-
8 biggest cybersecurity threats manufacturers face
Tags: access, ai, apt, attack, authentication, automation, awareness, business, china, cloud, computer, control, cyber, cyberattack, cybercrime, cybersecurity, data, data-breach, ddos, detection, email, encryption, exploit, extortion, firmware, framework, group, Hardware, india, infrastructure, intelligence, international, Internet, iot, iran, lazarus, leak, malicious, malware, monitoring, network, nis-2, north-korea, open-source, password, phishing, ransom, ransomware, regulation, risk, risk-analysis, risk-assessment, russia, service, software, strategy, supply-chain, technology, threat, update, vulnerability, windows
The manufacturing sector’s rapid digital transformation, complex supply chains, and reliance on third-party vendors make for a challenging cyber threat environment for CISOs. Manufacturers, often prime targets for state-sponsored malicious actors and ransomware gangs, face the difficult task of maintaining cost-effective operations while modernizing their network infrastructure. “Many manufacturing systems rely on outdated technology that lacks modern…
-
CISOs still cautious about adopting autonomous patch management solutions
Tags: automation, business, cisco, ciso, cloud, control, crowdstrike, cybersecurity, email, exploit, firmware, group, infosec, microsoft, open-source, regulation, risk, software, strategy, technology, update, vulnerability, windows
Failing to patch vulnerabilities keeps biting CISOs. The most recent evidence: Last month, the Five Eyes cybersecurity agencies in the US, the UK, Australia, Canada, and New Zealand reported that the top 15 vulnerabilities routinely exploited last year included one that dated back to 2020 (a Microsoft Netlogon hole); one that dated back to 2021 (in…
-
Navigating the Changing Landscape of Cybersecurity Regulations
The evolving regulatory environment presents both challenges and opportunities for businesses. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/navigating-changing-landscape-cybersecurity-regulations
-
BlackBerry Highlights Rising Software Supply Chain Risks in Malaysia
Tags: access, ai, attack, breach, ceo, ciso, communications, compliance, cyber, cyberattack, cybersecurity, data, detection, espionage, finance, framework, government, infrastructure, intelligence, international, Internet, iot, malware, mobile, monitoring, phishing, ransomware, regulation, resilience, risk, skills, software, strategy, supply-chain, threat, tool, training, vulnerability
In 2024, BlackBerry unveiled new proprietary research, underscoring the vulnerability of software supply chains in Malaysia and around the world. According to the study, 79% of Malaysian organizations reported cyberattacks or vulnerabilities in their software supply chains during the past 12 months, slightly exceeding the global average of 76%. Alarmingly, 81% of respondents revealed they had…
-
Data brokers face sweeping new regulations from CFPB
First seen on therecord.media Jump to article: therecord.media/data-broker-regulations-cfpb
-
New EU Regulation Establishes European ‘Cybersecurity Shield’
The European Union has adopted new legislation to establish a cybersecurity shield and ensure adequate security standards for managed security services. The post New EU Regulation Establishes European ‘Cybersecurity Shield’ appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/new-eu-regulation-establishes-european-cybersecurity-shield/
-
EU enacts new laws to strengthen cybersecurity defenses and coordination
Tags: ai, compliance, cyber, cybersecurity, data, defense, framework, healthcare, infrastructure, law, network, penetration-testing, privacy, regulation, risk, service, soc, technology, threat, vulnerability
The European Union has enacted two new laws to bolster its cybersecurity defenses and coordination mechanisms. The measures, part of the cybersecurity legislative package, include the Cyber Solidarity Act and amendments to the Cybersecurity Act (CSA). These steps aim to improve the EU’s ability to detect, prepare for, and respond to cyber threats while fostering uniformity…
-
Why identity security is your best companion for uncharted compliance challenges
Tags: access, ai, attack, authentication, automation, business, cloud, compliance, control, cyberattack, cybersecurity, data, detection, exploit, finance, framework, GDPR, governance, government, healthcare, HIPAA, identity, india, law, least-privilege, mitigation, monitoring, privacy, regulation, risk, risk-management, service, strategy, supply-chain, technology, threat, tool, zero-trust
In today’s rapidly evolving global regulatory landscape, new technologies, environments, and threats are heightening cybersecurity and data privacy concerns. In the last year, governing bodies have taken significant steps to enact stricter compliance measures, and more than ever, they are focusing on identity-related threats. Some notable changes include: The National Institute of Standards and Technology (NIST)…
-
CIO POV: Building trust in cyberspace
Tags: access, ai, attack, best-practice, business, cio, cisa, cloud, cyber, data, deep-fake, encryption, framework, GDPR, group, identity, infrastructure, intelligence, Internet, mfa, mitre, nist, privacy, regulation, resilience, risk, service, software, strategy, technology, threat, tool, update, windows
Trust lies at the heart of every relationship, transaction, and encounter. Yet in cyberspace, where we work, live, learn, and play, trust can become elusive. Since the dawn of the internet nearly 50 years ago, we’ve witnessed incredible digital transformations paired with increasingly formidable threats. Knowing who and what to trust has become so difficult that…
-
Is DORA Applicable in the US?
How DORA affects US ICT service providers DORA (Digital Operational Resilience Act) is an EU regulation that also affects US organizations, if you’re … First seen on itgovernanceusa.com Jump to article: www.itgovernanceusa.com/blog/is-dora-applicable-in-the-us
-
How DSPM Helps Businesses Meet Compliance Requirements
Tags: compliance, cybersecurity, data, finance, government, healthcare, regulation, risk, vulnerability
Data Security Posture Management (DSPM) helps monitor, secure, and ensure compliance for sensitive data, reducing risks across diverse environments. Complying with cybersecurity regulations can be a source of great pain for organizations, especially those that handle and store particularly valuable and vulnerable information. Organizations in sectors like healthcare, finance, legal, and government often process vast…
-
Cybersecurity Snapshot: Prompt Injection and Data Disclosure Top OWASP’s List of Cyber Risks for GenAI LLM Apps
Tags: access, advisory, ai, application-security, attack, backup, best-practice, breach, cisa, cloud, computer, cve, cyber, cyberattack, cybercrime, cybersecurity, data, exploit, extortion, firewall, framework, governance, government, group, guide, Hardware, incident, incident response, infrastructure, injection, intelligence, Internet, LLM, malicious, microsoft, mitigation, mitre, monitoring, network, nist, office, open-source, powershell, privacy, ransomware, regulation, risk, risk-management, russia, service, skills, software, sql, strategy, supply-chain, tactics, technology, theft, threat, tool, update, vulnerability, vulnerability-management, windows
Don’t miss OWASP’s update to its “Top 10 Risks for LLMs” list. Plus, the ranking of the most harmful software weaknesses is out. Meanwhile, critical infrastructure orgs have a new framework for using AI securely. And get the latest on the BianLian ransomware gang and on the challenges of protecting water and transportation systems against…
-
China Privacy Law: Data Management Audits Are Coming in 2025
Attorney James Gong Examines Upcoming Regulations Related to Non-Personal Data. In 2025, companies in China will face additional obligations when data protection audits become mandatory, setting a new benchmark for compliance with privacy laws. China is also expected to introduce regulations on non-personal data to establish a framework for ethical and secure data usage. First…
-
Fraud Awareness Week: How to Effectively Protect Your Data and Combat Fraudsters
Tags: access, ai, api, attack, authentication, awareness, business, cloud, communications, compliance, control, credentials, crime, data, defense, detection, encryption, exploit, finance, fraud, Hardware, iam, international, mfa, mobile, office, PCI, privacy, regulation, risk, service, software, strategy, technology, threat, vulnerability
madhav, Tue, 11/19/2024 – 05:28
International Fraud Awareness Week (November 17-23) is a critical time to consider the significant risks that fraud poses to individuals and organizations. Thanks to AI, fraud attempts and successful attacks are alarmingly common and more advanced, with many…
-
Bipartisan effort to clean up cyber regulations gets a boost in House, but calendar is tight
First seen on therecord.media Jump to article: therecord.media/cybersecurity-regulations-legislation-house-version
-
National cyber director calls for streamlined security regulations
Harry Coker Jr. assured critical infrastructure and private sector stakeholders that while standards are necessary, there is a need to harmonize burdensome compliance demands. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/national-cyber-director-streamlined-regulations/732950/
-
Trump 2.0 May Mean Fewer Cybersecurity Regs, Shift in Threats
Given increased tensions with China over tariffs, companies could see a shift in attacks, but also fewer regulations and a run at a business-friendly federal privacy law. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/trump-20-mean-cybersecurity-regs-shift-threats
-
Middle East Cybersecurity Efforts Catch Up After Late Start
Despite having only a scant focus on cybersecurity regulations a decade ago, countries in the Middle East, led by Saudi Arabia and other Gulf nations, have adopted mature frameworks and regulations amid escalating volumes of attacks. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/middle-east-cybersecurity-efforts-catch-up
-
Navigating The Crypto Regulatory Landscape: Global Insights And Future Trends
Navigating the crypto regulatory landscape feels like exploring a fascinating new world. As someone who’s watched the evolution of digital currencies, I find the dynamic nature of crypto regulations both challenging and exciting. With governments worldwide striving to establish a balance between innovation and security, the regulatory environment is ever-changing, reflecting the complexity and potential…
-
The ROI of Security Investments: How Cybersecurity Leaders Prove It
Cyber threats are intensifying, and cybersecurity has become critical to business operations. As security budgets grow, CEOs and boardrooms are demanding concrete evidence that cybersecurity initiatives deliver value beyond regulation compliance. Just like you wouldn’t buy a car without knowing it was first put through a crash test, security systems must also be validated to confirm…
-
A Trump Win Could Unleash Dangerous AI
Donald Trump’s opposition to woke safety standards for artificial intelligence would likely mean the dismantling of regulations that protect Americans… First seen on wired.com Jump to article: www.wired.com/story/donald-trump-ai-safety-regulation/
-
New York State Cybersecurity Regulations Now in Effect: What You Need to Know?
As of November 1, 2024, the new amendments to the New York State Department of Financial Services (NYDFS) Cybersecurity Regulations have officially come into play. These regulations are significant for… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/11/new-york-state-cybersecurity-regulations-now-in-effect-what-you-need-to-know/
-
Trump’s Return: Impact on Health Sector Cyber, HIPAA Regs
Experts on Potential Data Security and HIPAA Privacy Changes in Trump’s Second Term. With Donald Trump set to return to the White House to serve another four-year term as U.S. president, what might the healthcare sector expect to see when it comes to his next administration’s cybersecurity priorities and HIPAA regulations and enforcement? Experts weigh…
-
Despite Emerging Regulations, Mobile Device, IoT Security Requires More Industry Attention
Omdia Principal Analyst Hollie Hennessy says that until a promising new set of regulations around the world comes online, connected device security entails a shared responsibility among consumers, enterprises, and manufacturers. First seen on darkreading.com Jump to article: www.darkreading.com/iot/mobile-device-iot-security-requires-more-industry-attention

