Tag: regulation
-
Security leaders top 10 takeaways for 2024
Tags: access, ai, attack, automation, best-practice, breach, business, ciso, cloud, compliance, corporate, crowdstrike, cybercrime, cybersecurity, data, deep-fake, detection, email, finance, fraud, governance, group, guide, hacker, identity, incident response, infosec, ISO-27001, office, okta, phishing, privacy, programming, regulation, risk, risk-management, saas, security-incident, service, software, startup, strategy, technology, threat, tool, training, vulnerabilityThis year has been challenging for CISOs, with a growing burden of responsibility, the push to make cybersecurity a business enabler, the threat of legal liability for security incidents, and an expanding attack landscape.As the year comes to a close, CISOs reflect on some of the takeaways that have shaped the security landscape in 2024.…
-
With DORA approaching, financial institutions must strengthen their cyber resilience
The clock is ticking for financial institutions across the EU as the January 17, 2025, deadline for the Digital Operational Resilience Act (DORA) approaches. This regulation … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/12/16/financial-institutions-dora-requirements/
-
Time of Reckoning Reviewing My 2024 Cybersecurity Predictions
Tags: ai, attack, automation, awareness, breach, business, chatgpt, china, compliance, cyber, cyberattack, cybercrime, cybersecurity, data, data-breach, disinformation, election, espionage, exploit, healthcare, incident response, infrastructure, jobs, law, linkedin, malware, monitoring, moveIT, phishing, privacy, ransomware, regulation, risk, russia, service, software, supply-chain, technology, threat, tool, ukraine, update, vulnerability, warfare, zero-dayThe brutal reality is that cybersecurity predictions are only as valuable as their accuracy. As 2024 comes to a close, I revisit my forecasts to assess their utility in guiding meaningful decisions. Anyone can make predictions (and far too many do), but actually being correct is another matter altogether. It is commonplace for security companies…
-
Clearinghouse Pays $250K Settlement in Web Exposure Breach
Inmediata Health Group Has Paid $2.7M in Fines, Civil Claims for 2019 HIPAA Breach. A breach that exposed the personal information of nearly 1.6 million patients of a Puerto Rico-based clearinghouse has led to a $250,000 financial settlement with federal regulations for multiple HIPAA violations. The 2019 leak has cost Inmediata Health $2.7 million in…
-
Financial Sector Turning to Multi-Vendor Cloud Strategies
Report: Financial Orgs Shift to Multi-Cloud to Address Cyber Threats and Regulation. Financial institutions are increasingly adopting multi-cloud strategies to mitigate rising cyber risks and comply with complex regulations, according to a new report. The move enhances flexibility and disaster recovery, though challenges remain, from implementation costs to a growing skills gap. First seen on…
-
Gen AI use cases rising rapidly for cybersecurity, but concerns remain
Tags: ai, attack, automation, awareness, ceo, ciso, compliance, control, cybersecurity, data, detection, finance, framework, fraud, GDPR, governance, grc, group, guide, Hardware, HIPAA, incident response, intelligence, international, malware, middle-east, monitoring, phishing, privacy, RedTeam, regulation, risk, risk-assessment, risk-management, soc, software, strategy, technology, threat, tool, training, usaGenerative AI is being embedded into security tools at a furious pace as CISOs adopt the technology internally to automate manual processes and improve productivity. But research also suggests this surge in gen AI adoption comes with a fair amount of trepidation among cybersecurity professionals, which CISOs must keep in mind when weaving gen AI…
-
8 biggest cybersecurity threats manufacturers face
Tags: access, ai, apt, attack, authentication, automation, awareness, business, china, cloud, computer, control, cyber, cyberattack, cybercrime, cybersecurity, data, data-breach, ddos, detection, email, encryption, exploit, extortion, firmware, framework, group, Hardware, india, infrastructure, intelligence, international, Internet, iot, iran, lazarus, leak, malicious, malware, monitoring, network, nis-2, north-korea, open-source, password, phishing, ransom, ransomware, regulation, risk, risk-analysis, risk-assessment, russia, service, software, strategy, supply-chain, technology, threat, update, vulnerability, windowsThe manufacturing sector’s rapid digital transformation, complex supply chains, and reliance on third-party vendors make for a challenging cyber threat environment for CISOs.Manufacturers, often prime targets for state-sponsored malicious actors and ransomware gangs, face the difficult task of maintaining cost-effective operations while modernizing their network infrastructure.”Many manufacturing systems rely on outdated technology that lacks modern…
-
CISOs still cautious about adopting autonomous patch management solutions
Tags: automation, business, cisco, ciso, cloud, control, crowdstrike, cybersecurity, email, exploit, firmware, group, infosec, microsoft, open-source, regulation, risk, software, strategy, technology, update, vulnerability, windowsFailing to patch vulnerabilities keeps biting CISOs.The most recent evidence: Last month, the Five Eyes cybersecurity agencies in the US, the UK, Australia, Canada, and New Zealand reported that the top 15 vulnerabilities routinely exploited last year included one that dated back to 2020 (a Microsoft Netlogon hole); one that dated back to 2021 (in…
-
Navigating the Changing Landscape of Cybersecurity Regulations
The evolving regulatory environment presents both challenges and opportunities for businesses. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/navigating-changing-landscape-cybersecurity-regulations
-
BlackBerry Highlights Rising Software Supply Chain Risks in Malaysia
Tags: access, ai, attack, breach, ceo, ciso, communications, compliance, cyber, cyberattack, cybersecurity, data, detection, espionage, finance, framework, government, infrastructure, intelligence, international, Internet, iot, malware, mobile, monitoring, phishing, ransomware, regulation, resilience, risk, skills, software, strategy, supply-chain, threat, tool, training, vulnerabilityIn 2024, BlackBerry unveiled new proprietary research, underscoring the vulnerability of software supply chains in Malaysia and around the world.According to the study, 79% of Malaysian organizations reported cyberattacks or vulnerabilities in their software supply chains during the past 12 months, slightly exceeding the global average of 76%. Alarmingly, 81% of respondents revealed they had…
-
Data brokers face sweeping new regulations from CFPB
First seen on therecord.media Jump to article: therecord.media/data-broker-regulations-cfpb
-
New EU Regulation Establishes European ‘Cybersecurity Shield’
The European Union has adopted new legislation to establish a cybersecurity shield and ensure adequate security standards for managed security services. The post New EU Regulation Establishes European ‘Cybersecurity Shield’ appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/new-eu-regulation-establishes-european-cybersecurity-shield/
-
EU enacts new laws to strengthen cybersecurity defenses and coordination
Tags: ai, compliance, cyber, cybersecurity, data, defense, framework, healthcare, infrastructure, law, network, penetration-testing, privacy, regulation, risk, service, soc, technology, threat, vulnerabilityThe European Union has enacted two new laws to bolster its cybersecurity defenses and coordination mechanisms. The measures, part of the cybersecurity legislative package, include the Cyber Solidarity Act and amendments to the Cybersecurity Act (CSA).These steps aim to improve the EU’s ability to detect, prepare for, and respond to cyber threats while fostering uniformity…
-
Why identity security is your best companion for uncharted compliance challenges
Tags: access, ai, attack, authentication, automation, business, cloud, compliance, control, cyberattack, cybersecurity, data, detection, exploit, finance, framework, GDPR, governance, government, healthcare, HIPAA, identity, india, law, least-privilege, mitigation, monitoring, privacy, regulation, risk, risk-management, service, strategy, supply-chain, technology, threat, tool, zero-trustIn today’s rapidly evolving global regulatory landscape, new technologies, environments, and threats are heightening cybersecurity and data privacy concerns. In the last year, governing bodies have taken significant steps to enact stricter compliance measures”, and more than ever, they are focusing on identity-related threats.Some notable changes include: The National Institute of Standards and Technology (NIST)…
-
CIO POV: Building trust in cyberspace
Tags: access, ai, attack, best-practice, business, cio, cisa, cloud, cyber, data, deep-fake, encryption, framework, GDPR, group, identity, infrastructure, intelligence, Internet, mfa, mitre, nist, privacy, regulation, resilience, risk, service, software, strategy, technology, threat, tool, update, windowsTrust lies at the heart of every relationship, transaction, and encounter. Yet in cyberspace”, where we work, live, learn, and play”, trust can become elusive.Since the dawn of the internet nearly 50 years ago, we’ve witnessed incredible digital transformations paired with increasingly formidable threats. Knowing who and what to trust has become so difficult that…
-
Is DORA Applicable in the US?
How DORA affects US ICT service providers DORA (Digital Operational Resilience Act) is an EU regulation that also affects US organizations, if you’re … First seen on itgovernanceusa.com Jump to article: www.itgovernanceusa.com/blog/is-dora-applicable-in-the-us
-
How DSPM Helps Businesses Meet Compliance Requirements
Tags: compliance, cybersecurity, data, finance, government, healthcare, regulation, risk, vulnerabilityData Security Posture Management (DSPM) helps monitor, secure, and ensure compliance for sensitive data, reducing risks across diverse environments. Complying with cybersecurity regulations can be a source of great pain for organizations, especially those that handle and store particularly valuable and vulnerable information. Organizations in sectors like healthcare, finance, legal, and government often process vast…
-
Cybersecurity Snapshot: Prompt Injection and Data Disclosure Top OWASP’s List of Cyber Risks for GenAI LLM Apps
Tags: access, advisory, ai, application-security, attack, backup, best-practice, breach, cisa, cloud, computer, cve, cyber, cyberattack, cybercrime, cybersecurity, data, exploit, extortion, firewall, framework, governance, government, group, guide, Hardware, incident, incident response, infrastructure, injection, intelligence, Internet, LLM, malicious, microsoft, mitigation, mitre, monitoring, network, nist, office, open-source, powershell, privacy, ransomware, regulation, risk, risk-management, russia, service, skills, software, sql, strategy, supply-chain, tactics, technology, theft, threat, tool, update, vulnerability, vulnerability-management, windowsDon’t miss OWASP’s update to its “Top 10 Risks for LLMs” list. Plus, the ranking of the most harmful software weaknesses is out. Meanwhile, critical infrastructure orgs have a new framework for using AI securely. And get the latest on the BianLian ransomware gang and on the challenges of protecting water and transportation systems against…
-
China Privacy Law: Data Management Audits Are Coming in 2025
Attorney James Gong Examines Upcoming Regulations Related to Non-Personal Data. In 2025, companies in China will face additional obligations when data protection audits become mandatory, setting a new benchmark for compliance with privacy laws. China is also expected to introduce regulations on non-personal data to establish a framework for ethical and secure data usage. First…
-
Fraud Awareness Week: How to Effectively Protect Your Data and Combat Fraudsters
Tags: access, ai, api, attack, authentication, awareness, business, cloud, communications, compliance, control, credentials, crime, data, defense, detection, encryption, exploit, finance, fraud, Hardware, iam, international, mfa, mobile, office, PCI, privacy, regulation, risk, service, software, strategy, technology, threat, vulnerabilityFraud Awareness Week: How to Effectively Protect Your Data and Combat Fraudsters madhav Tue, 11/19/2024 – 05:28 International Fraud Awareness Week (November 17-23) is a critical time to consider the significant risks that fraud poses to individuals and organizations. Thanks to AI, fraud attempts and successful attacks are alarmingly common and more advanced, with many…
-
Bipartisan effort to clean up cyber regulations gets a boost in House, but calendar is tight
First seen on therecord.media Jump to article: therecord.media/cybersecurity-regulations-legislation-house-version
-
National cyber director calls for streamlined security regulations
Harry Coker Jr. assured critical infrastructure and private sector stakeholders that while standards are necessary, there is a need to harmonize burdensome compliance demands.; First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/national-cyber-director-streamlined-regulations/732950/
-
Trump 2.0 May Mean Fewer Cybersecurity Regs, Shift in Threats
Given increased tensions with China over tariffs, companies could see a shift in attacks, but also fewer regulations and a run at a business-friendly federal privacy law. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/trump-20-mean-cybersecurity-regs-shift-threats
-
Middle East Cybersecurity Efforts Catch Up After Late Start
Despite having only a scant focus on cybersecurity regulations a decade ago, countries in the Middle East, led by Saudi Arabia and other Gulf nations, have adopted mature frameworks and regulations amid escalating volumes of attacks. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/middle-east-cybersecurity-efforts-catch-up
-
Navigating The Crypto Regulatory Landscape: Global Insights And Future Trends
Navigating the crypto regulatory landscape feels like exploring a fascinating new world. As someone who’s watched the evolution of digital currencies, I find the dynamic nature of crypto regulations both challenging and exciting. With governments worldwide striving to establish a balance between innovation and security, the regulatory environment is ever-changing, reflecting the complexity and potential…

