Cyber Security Archive
Not so long ago, cybersecurity experts would say that experiencing a ransomware attack was more a question of “if” than “when.” Now, it’s no longer about “when,” but “how often” and “what’s the damage?” Attacks are happening every day. In …
When Russia’s Cl0p gang hacked Progress Software’s MOVEit Transfer app via a zero-day SQL injection vulnerability on May 27, it soon became apparent that the number of organizations and individuals affected would be high. The first known victim was the …
A data breach at Tesla, which affected 75,735 people and saw sensitive company data compromised, was caused by two former employees, the electric car maker said. In a data breach notice filed with Maine’s attorney general, Tesla’s data privacy officer, …
The U.S. government has created a new system to help consumers understand the cybersecurity risks associated with smart devices. Countless goods now come with Internet-enabled technology that allows users to customize their experience and enjoy greater functionality. Devices such as …
Over the past five years, I’ve had the privilege of providing cybersecurity training, implementation and auditing support, and consultation guidance for countless U.S. businesses. I’ve also practiced most areas of business law over the past forty years. In this time, …
In recent years, the health care industry has become a popular target for bad actors seeking to wreak havoc and extort money in exchange for the return of illicitly acquired sensitive data. According to the Journal of American Medical Associations, …
Under ISO 27001, awareness training is a crucial but often overlooked aspect of information security. The Standard, which describes best practices for implementing an ISMS (information security management system), states that organizations must take a holistic approach to their data …
Earlier this year, the SEC (Securities and Exchange Commission) issued a proposal that would impose new cybersecurity requirements on a range of organizations. Under the plans, broker-dealers, clearing agencies, major security-based swap participants, the Municipal Securities Rulemaking Board, and other …
Rulemaking for the May 2023 CMMC (Cybersecurity Maturity Model Certification) is on track to start within the next few weeks. Rather than moving ahead, becoming formally compliant with NIST 800-171/CMMC v2 Level 2, many U.S. DIB (defense industrial base) organizations …
Data breach notification requirements are complex in the US, with various federal and state laws containing different requirements for when security incidents must be disclosed. Some even have substantially different definitions for what a ‘data breach’ or ‘personal data’ is. …