Tag: regulation
-
Cybersecurity Snapshot: CISA Hands Down Cloud Security Directive, While Threat from North Korean IT Workers Gets the Spotlight
by
in SecurityNews
Tags: access, ai, authentication, best-practice, business, china, cisa, cisco, cloud, computer, control, cyber, cybersecurity, data, data-breach, email, extortion, finance, framework, fraud, google, government, guide, hacker, identity, incident, incident response, infrastructure, intelligence, international, Internet, jobs, korea, kubernetes, law, lessons-learned, linux, login, malicious, microsoft, mobile, monitoring, network, north-korea, office, password, regulation, risk, risk-management, russia, service, software, tactics, technology, threat, tool, updateCheck out the new cloud security requirements for federal agencies. Plus, beware of North Korean government operatives posing as remote IT pros. Also, learn how water plants can protect their HMIs against cyberattacks. And get the latest on the U.S. cyber incident response framework; the CIS Benchmarks; and local and state governments’ cyber challenges. Dive…
-
The Year of Global AI and Cybersecurity Regulations: 7 GRC Predictions for 2025
by
in SecurityNewsAs 2025 approaches, emerging regulations and laws will affect how CISOs strategize and protect their organizations. With the increasing complexity of global compliance frameworks, understanding these changes is crucial for maintaining security and operational efficiency. Let’s discuss what I expect regarding regulatory shifts and their implications in 2025 and explore what CISOs and CCOs should……
-
NYDOH Cybersecurity Regulations: What Healthcare Providers Need to Know in 2025
by
in SecurityNews10 NYCRR 405.46: NY’s New Hospital Cyber Regulation Hospitals are no strangers to health data privacy laws like HIPAA. But New York’s new cybersecurity regulations take things to the next level. Finalized by the New York State Department of Health (NYDOH) in October 2024, these laws aim to fill gaps left by existing frameworks. They……
-
IAM Predictions for 2025: Identity as the Linchpin of Business Resilience
by
in SecurityNews
Tags: access, ai, apple, attack, authentication, banking, breach, business, cloud, compliance, corporate, credentials, crime, data, deep-fake, detection, finance, iam, identity, malicious, microsoft, mobile, office, passkey, password, privacy, regulation, resilience, risk, service, supply-chain, theft, threat, tool, vulnerabilityIAM Predictions for 2025: Identity as the Linchpin of Business Resilience madhav Thu, 12/19/2024 – 05:33 As we look toward 2025, the lessons of 2024 serve as a stark reminder of the rapidly evolving identity and access management (IAM) landscape. The numbers tell the story: The latest Identity Theft Resource Center report indicates that consumers…
-
AI Regulation Gets Serious in 2025 Is Your Organization Ready?
by
in SecurityNewsWhile the challenges are significant, organizations have an opportunity to build scalable AI governance frameworks that ensure compliance while enabling responsible AI innovation. The post AI Regulation Gets Serious in 2025 Is Your Organization Ready? appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/ai-regulation-gets-serious-in-2025-is-your-organization-ready/
-
US Congressional Task Force Offers Roadmap for AI Governance
by
in SecurityNewsLawmakers Urge Washington to Adapt Current Laws to Avoid Duplication. The bipartisan House Task Force on AI released a final report Tuesday urging Congress to adopt an agile, incremental approach to AI policy, avoid duplicative regulations, support AI talent pathways and ensure privacy and transparency in AI governance while addressing its growing energy demands. First…
-
Ireland fines Meta $264 million over 2018 Facebook data breach
by
in SecurityNewsThe Irish Data Protection Commission (DPC) fined Meta Euro251 million ($263.6M) over General Data Protection Regulation (GDPR) violations arising from a 2018 personal data breach impacting 29 million Facebook accounts. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ireland-fines-meta-264-million-over-2018-facebook-data-breach/
-
An easy to follow NIST Compliance Checklist
by
in SecurityNewsWe have seen how cyber attacks have disrupted organisations and businesses repeatedly. Mitigating emerging threats is crucial more than ever, and many organisations are at the forefront of combating them. One such organisation is the National Institute of Standards and Technology (NIST). NIST has released many Special Publications (SP) regulations, each containing guidelines for improving……
-
Hackers Can Jailbreak Digital License Plates to Make Others Pay Their Tolls and Tickets
by
in SecurityNewsDigital license plates sold by Reviver, already legal to buy in some states and drive with nationwide, can be hacked by their owners to evade traffic regulations or even law enforcement surveillance. First seen on wired.com Jump to article: www.wired.com/story/digital-license-plate-jailbreak-hack/
-
Security leaders top 10 takeaways for 2024
by
in SecurityNews
Tags: access, ai, attack, automation, best-practice, breach, business, ciso, cloud, compliance, corporate, crowdstrike, cybercrime, cybersecurity, data, deep-fake, detection, email, finance, fraud, governance, group, guide, hacker, identity, incident response, infosec, ISO-27001, office, okta, phishing, privacy, programming, regulation, risk, risk-management, saas, security-incident, service, software, startup, strategy, technology, threat, tool, training, vulnerabilityThis year has been challenging for CISOs, with a growing burden of responsibility, the push to make cybersecurity a business enabler, the threat of legal liability for security incidents, and an expanding attack landscape.As the year comes to a close, CISOs reflect on some of the takeaways that have shaped the security landscape in 2024.…
-
With DORA approaching, financial institutions must strengthen their cyber resilience
by
in SecurityNewsThe clock is ticking for financial institutions across the EU as the January 17, 2025, deadline for the Digital Operational Resilience Act (DORA) approaches. This regulation … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/12/16/financial-institutions-dora-requirements/
-
Time of Reckoning Reviewing My 2024 Cybersecurity Predictions
by
in SecurityNews
Tags: ai, attack, automation, awareness, breach, business, chatgpt, china, compliance, cyber, cyberattack, cybercrime, cybersecurity, data, data-breach, disinformation, election, espionage, exploit, healthcare, incident response, infrastructure, jobs, law, linkedin, malware, monitoring, moveIT, phishing, privacy, ransomware, regulation, risk, russia, service, software, supply-chain, technology, threat, tool, ukraine, update, vulnerability, warfare, zero-dayThe brutal reality is that cybersecurity predictions are only as valuable as their accuracy. As 2024 comes to a close, I revisit my forecasts to assess their utility in guiding meaningful decisions. Anyone can make predictions (and far too many do), but actually being correct is another matter altogether. It is commonplace for security companies…
-
Clearinghouse Pays $250K Settlement in Web Exposure Breach
by
in SecurityNewsInmediata Health Group Has Paid $2.7M in Fines, Civil Claims for 2019 HIPAA Breach. A breach that exposed the personal information of nearly 1.6 million patients of a Puerto Rico-based clearinghouse has led to a $250,000 financial settlement with federal regulations for multiple HIPAA violations. The 2019 leak has cost Inmediata Health $2.7 million in…
-
Financial Sector Turning to Multi-Vendor Cloud Strategies
by
in SecurityNewsReport: Financial Orgs Shift to Multi-Cloud to Address Cyber Threats and Regulation. Financial institutions are increasingly adopting multi-cloud strategies to mitigate rising cyber risks and comply with complex regulations, according to a new report. The move enhances flexibility and disaster recovery, though challenges remain, from implementation costs to a growing skills gap. First seen on…
-
Gen AI use cases rising rapidly for cybersecurity, but concerns remain
by
in SecurityNews
Tags: ai, attack, automation, awareness, ceo, ciso, compliance, control, cybersecurity, data, detection, finance, framework, fraud, GDPR, governance, grc, group, guide, Hardware, HIPAA, incident response, intelligence, international, malware, middle-east, monitoring, phishing, privacy, RedTeam, regulation, risk, risk-assessment, risk-management, soc, software, strategy, technology, threat, tool, training, usaGenerative AI is being embedded into security tools at a furious pace as CISOs adopt the technology internally to automate manual processes and improve productivity. But research also suggests this surge in gen AI adoption comes with a fair amount of trepidation among cybersecurity professionals, which CISOs must keep in mind when weaving gen AI…
-
8 biggest cybersecurity threats manufacturers face
by
in SecurityNews
Tags: access, ai, apt, attack, authentication, automation, awareness, business, china, cloud, computer, control, cyber, cyberattack, cybercrime, cybersecurity, data, data-breach, ddos, detection, email, encryption, exploit, extortion, firmware, framework, group, Hardware, india, infrastructure, intelligence, international, Internet, iot, iran, lazarus, leak, malicious, malware, monitoring, network, nis-2, north-korea, open-source, password, phishing, ransom, ransomware, regulation, risk, risk-analysis, risk-assessment, russia, service, software, strategy, supply-chain, technology, threat, update, vulnerability, windowsThe manufacturing sector’s rapid digital transformation, complex supply chains, and reliance on third-party vendors make for a challenging cyber threat environment for CISOs.Manufacturers, often prime targets for state-sponsored malicious actors and ransomware gangs, face the difficult task of maintaining cost-effective operations while modernizing their network infrastructure.”Many manufacturing systems rely on outdated technology that lacks modern…
-
CISOs still cautious about adopting autonomous patch management solutions
by
in SecurityNews
Tags: automation, business, cisco, ciso, cloud, control, crowdstrike, cybersecurity, email, exploit, firmware, group, infosec, microsoft, open-source, regulation, risk, software, strategy, technology, update, vulnerability, windowsFailing to patch vulnerabilities keeps biting CISOs.The most recent evidence: Last month, the Five Eyes cybersecurity agencies in the US, the UK, Australia, Canada, and New Zealand reported that the top 15 vulnerabilities routinely exploited last year included one that dated back to 2020 (a Microsoft Netlogon hole); one that dated back to 2021 (in…
-
Navigating the Changing Landscape of Cybersecurity Regulations
by
in SecurityNewsThe evolving regulatory environment presents both challenges and opportunities for businesses. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/navigating-changing-landscape-cybersecurity-regulations
-
BlackBerry Highlights Rising Software Supply Chain Risks in Malaysia
by
in SecurityNews
Tags: access, ai, attack, breach, ceo, ciso, communications, compliance, cyber, cyberattack, cybersecurity, data, detection, espionage, finance, framework, government, infrastructure, intelligence, international, Internet, iot, malware, mobile, monitoring, phishing, ransomware, regulation, resilience, risk, skills, software, strategy, supply-chain, threat, tool, training, vulnerabilityIn 2024, BlackBerry unveiled new proprietary research, underscoring the vulnerability of software supply chains in Malaysia and around the world.According to the study, 79% of Malaysian organizations reported cyberattacks or vulnerabilities in their software supply chains during the past 12 months, slightly exceeding the global average of 76%. Alarmingly, 81% of respondents revealed they had…
-
Data brokers face sweeping new regulations from CFPB
by
in SecurityNewsFirst seen on therecord.media Jump to article: therecord.media/data-broker-regulations-cfpb
-
New EU Regulation Establishes European ‘Cybersecurity Shield’
by
in SecurityNewsThe European Union has adopted new legislation to establish a cybersecurity shield and ensure adequate security standards for managed security services. The post New EU Regulation Establishes European ‘Cybersecurity Shield’ appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/new-eu-regulation-establishes-european-cybersecurity-shield/
-
EU enacts new laws to strengthen cybersecurity defenses and coordination
by
in SecurityNews
Tags: ai, compliance, cyber, cybersecurity, data, defense, framework, healthcare, infrastructure, law, network, penetration-testing, privacy, regulation, risk, service, soc, technology, threat, vulnerabilityThe European Union has enacted two new laws to bolster its cybersecurity defenses and coordination mechanisms. The measures, part of the cybersecurity legislative package, include the Cyber Solidarity Act and amendments to the Cybersecurity Act (CSA).These steps aim to improve the EU’s ability to detect, prepare for, and respond to cyber threats while fostering uniformity…
-
Why identity security is your best companion for uncharted compliance challenges
by
in SecurityNews
Tags: access, ai, attack, authentication, automation, business, cloud, compliance, control, cyberattack, cybersecurity, data, detection, exploit, finance, framework, GDPR, governance, government, healthcare, HIPAA, identity, india, law, least-privilege, mitigation, monitoring, privacy, regulation, risk, risk-management, service, strategy, supply-chain, technology, threat, tool, zero-trustIn today’s rapidly evolving global regulatory landscape, new technologies, environments, and threats are heightening cybersecurity and data privacy concerns. In the last year, governing bodies have taken significant steps to enact stricter compliance measures”, and more than ever, they are focusing on identity-related threats.Some notable changes include: The National Institute of Standards and Technology (NIST)…
-
CIO POV: Building trust in cyberspace
by
in SecurityNews
Tags: access, ai, attack, best-practice, business, cio, cisa, cloud, cyber, data, deep-fake, encryption, framework, GDPR, group, identity, infrastructure, intelligence, Internet, mfa, mitre, nist, privacy, regulation, resilience, risk, service, software, strategy, technology, threat, tool, update, windowsTrust lies at the heart of every relationship, transaction, and encounter. Yet in cyberspace”, where we work, live, learn, and play”, trust can become elusive.Since the dawn of the internet nearly 50 years ago, we’ve witnessed incredible digital transformations paired with increasingly formidable threats. Knowing who and what to trust has become so difficult that…
-
Is DORA Applicable in the US?
by
in SecurityNewsHow DORA affects US ICT service providers DORA (Digital Operational Resilience Act) is an EU regulation that also affects US organizations, if you’re … First seen on itgovernanceusa.com Jump to article: www.itgovernanceusa.com/blog/is-dora-applicable-in-the-us
-
How DSPM Helps Businesses Meet Compliance Requirements
by
in SecurityNews
Tags: compliance, cybersecurity, data, finance, government, healthcare, regulation, risk, vulnerabilityData Security Posture Management (DSPM) helps monitor, secure, and ensure compliance for sensitive data, reducing risks across diverse environments. Complying with cybersecurity regulations can be a source of great pain for organizations, especially those that handle and store particularly valuable and vulnerable information. Organizations in sectors like healthcare, finance, legal, and government often process vast…