A “white hat” is an ethical computer hacker who specializes in penetration testing and other testing methodologies to ensure the security of an organization’s information systems. According to the Ethical Hacking Council, “The goal of the ethical hacker is … Continue Reading
Tag Archives: cybersecurity
Mixed Signals on The Future of SEC Cyber Enforcement
Posted in Cybersecurity, Regulation, Securities and Exchange CommissionAs previously reported, the U.S. Securities and Exchange Commission (SEC) unanimously voted to approve additional guidance for reporting cybersecurity risks last month. However, it is unclear what, if any, impact the new guidance will have on the rate of … Continue Reading
New SEC Cybersecurity Guidance Outlines Disclosure Obligations
Posted in Data Security, Regulation, Securities and Exchange CommissionLast week, as previously reported, the U.S. Securities and Exchange Commission (SEC) unanimously voted to approve additional guidance for reporting cybersecurity risks. The release of this guidance underscores the SEC’s intent to prioritize cybersecurity compliance in 2018. The SEC … Continue Reading
Cybersecurity: FINRA Guidance through 2018 Priorities and Recent Exam Findings
Posted in Cybersecurity, Financial Services Information Management, Information Management, Notification, PrivacyThe Financial Industry Regulatory Authority (FINRA) is ramping up on their commitment to assist the industry in its cybersecurity compliance efforts. Recent guidance to the industry from FINRA includes:
- an Examination Findings Report, detailing observations from recent broker-dealer examinations
DoD Cyber Compliance Deadline Fast Approaching – Here’s What Government Contractors Need to Know
Posted in Cybersecurity, RegulationU.S. Department of Defense (DoD) contractors face new cybersecurity compliance requirements, including a significant deadline set for December 31, 2017.
Most DoD contracts now include clauses imposing obligations on contractors’ protection of government information and reporting of cyber incidents. These … Continue Reading
Cyberattacks—Are You Ready?
Posted in Cybersecurity, Information ManagementRecent cyber-attacks hurt individuals and investors on a regular basis. Recent attacks have cost hundreds of millions of dollars. Firms that have dismissed the dangers are increasingly at risk of regulatory action. New European laws will likely increase fines for … Continue Reading
Government Response to Increasing Cyber Threats
Posted in Cybersecurity, LegislationGovernment agencies collect and hold massive amounts of personally identifiable information (PII), creating valuable targets for cybercrime. Recently proposed legislation would impose baseline standards for cyber hygiene on federal agencies. State and local governments, as well as private industry, should … Continue Reading
Proposed Bipartisan Bill Intended to Strengthen Security of Internet of Things (IoT) Devices
Posted in Cybersecurity, LegislationEarlier this month, Senators from both sides of the aisle introduced the “Internet of Things Cybersecurity Improvement Act of 2017,” outlining new security requirements for vendors who supply the U.S. Government with IoT devices. The bill was proposed … Continue Reading
DOJ Takes Down AlphaBay, the World’s Largest Dark Web Marketplace
Posted in Cybersecurity, Identity Theft
The U.S. Department of Justice has announced the seizure of AlphaBay, the largest criminal marketplace on the Internet, which was used to sell stolen financial information, identification documents and other personal data, computer hacking tools, drugs, firearms, and a vast … Continue Reading
Law Firms’ Data Duty: Protecting Client Information From Cybercriminals
Posted in Cyber Insurance, Cybersecurity, Data breach, Data Security, Health Information, Information Management, Litigation, Other, PrivacyThe impact from the recent Petya/NotPetya ransomware attack — or what was reported as a ransomware attack but now appears to be something even more damaging — continues to spread around the globe, with several new companies coming forward as … Continue Reading
Increased Focus on Health Care Cybersecurity: HHS Releases Long-Awaited Report and Cyber Attack Quick-Response Checklist
Posted in Health Information, Other, RegulationThe U.S. Department of Health & Human Services (HHS) issued a recent report noting that cybersecurity is a key public health concern that needs “immediate and aggressive attention.” Shortly thereafter, HHS’ Office for Civil Rights (OCR) released a checklist of … Continue Reading
21st Century Data Breaches: Not All Fun and Games
Posted in Data breach, Data Security, Privacy, RetailData breaches can occur in the most surprising places. When data breaches affect sensitive, private information—especially those of children—companies can face scrutiny from regulatory agencies and be exposed to civil (and perhaps even criminal) liability. While hackers are still targeting … Continue Reading
ERISA Advisory Council Issues 2016 Report on Benefit Plan Cybersecurity
Posted in Cybersecurity, Data breach, Employee Benefit Plan Data“Cyber threats cannot be eliminated but they can be managed. Cyber experts say that it is not a question of if you will have a cyber-attack, rather it is a question of when. The next question is what you … Continue Reading
Yahoo Déjà Vu – One Billion Yahoo Accounts Hacked
Posted in Consumer Privacy/FTC, Cybersecurity, Data breach, Data Security, Identity Theft, Other, PrivacyYesterday afternoon Yahoo Inc. (Yahoo) announced that user information was stolen from more than one billion accounts in August 2013. Yahoo said that the stolen information includes, “names, email addresses, telephone numbers, dates of birth, hashed passwords (using MD5) and, … Continue Reading
Cybersecurity Threats May Impact Your Digital Health
Posted in Consumer Privacy/FTC, Cybersecurity, Data breach, Data Protection and Competition, Health InformationAs the healthcare industry continues to embrace the Internet of Things, cybersecurity may present unprecedented health and privacy risks to patients. Wireless-enabled medical devices are increasingly common. For some patients, this means that their hearts are, quite literally, connected … Continue Reading
Banking Regulators Propose Enhanced Cyber Risk Management Standards
Posted in Financial Services Information ManagementOn October 19, 2016, the Federal Reserve, the Federal Deposit Insurance Corporation and the Office of the Comptroller of the Currency (together, the “Prudential Regulators”) published an advance notice of proposed rulemaking (ANPR) that would require banks with more than … Continue Reading
A New Shorting Strategy: Short Selling Cybersecurity Vulnerabilities
Posted in Data Protection and Competition, Data SecuritySt. Jude’s Medical has filed a defamation lawsuit against short-seller, Muddy Waters LLC, and cyber-security research company, MedSec Holdings, along with executives at the companies, following allegations by the companies of cybersecurity vulnerabilities in some of St. Jude’s medical devices.… Continue Reading
Effective November 3, 2016: Final DoD Cyber Incident Reporting Rule
Posted in CybersecurityOn Tuesday, October 4, 2016, the Department of Defense (DoD) issued a long-awaited final rule implementing statutory requirements (10 U.S.C. §§ 391, 393) as part of 32 C.F.R part 236 regarding the reporting, by defense contractors, of certain cyber incidents … Continue Reading
G-7 Leaders Establish Cybersecurity Best Practices for Financial Sector
Posted in Cybersecurity, Financial Services Information ManagementBusinesses and financial entities continue to grapple with the increasing frequency and sophistication of hacking, displayed by the recent botnet attack that affected numerous websites on October 21, 2016, as well as the recent SWIFT hack which was used … Continue Reading
FFIEC Issues FAQs on the Cybersecurity Assessment Tool
Posted in Cybersecurity, Financial Services Information ManagementOn October 18, 2016, the Federal Financial Institutions Examination Council (FFIEC) issued answers to frequently asked questions (FAQs) to clarify points in FFEIC’s Cybersecurity Assessment Tool (Assessment). FFIEC released the Assessment in June 2015 to help financial institutions identify their … Continue Reading
Industry Insight: Information Governance – Leverage Your Business Intelligence and Reduce Risk
Posted in Cybersecurity, Data breach, Data Protection and Competition“The goal is to turn data into information, and information into insight.” – Carly Fiorina, former CEO, Hewlett-Packard Co.
The most valuable asset of every organization is information. Organizing, analyzing and optimizing this complex source of business intelligence … Continue Reading
New York Raises the Bar – Will Other States Follow?
Posted in Cybersecurity, Financial Services Information ManagementOn September 13, 2016, the New York Department of Financial Services (DFS) proposed new first-in-the-nation cybersecurity regulations (Regulations) that would require banks and other financial institutions to adopt minimum cybersecurity standards. In some ways the regulations are consistent with existing … Continue Reading
Dude, Where’s My Bitcoin?
Posted in Cybersecurity, Data breach, Financial Services Information ManagementSomewhere in a lavish Mediterranean villa a drug lord wearing an off-white suit had a heart attack. Elsewhere a tech whiz in Silicon Valley refreshed his browser multiple times as his heart sank further with each reloaded page. And a … Continue Reading
SEC’s IT Security Under Attack as It Attacks Others
Posted in CybersecurityThe inspector general (IG) of the U.S. Securities and Exchange Commission (SEC) reported last week that the SEC has not sufficiently implemented information technology security upgrades in order to protect highly sensitive information from data breaches. The IG reported that … Continue Reading