On April 25, the Securities and Exchange Commission announced a settlement with Yahoo that constituted its first enforcement action against a public company for failing to disclose a data breach.
This settlement demonstrates that companies in post-data breach environments must … Continue Reading
A “white hat” is an ethical computer hacker who specializes in penetration testing and other testing methodologies to ensure the security of an organization’s information systems. According to the Ethical Hacking Council, “The goal of the ethical hacker is … Continue Reading
As previously reported, the U.S. Securities and Exchange Commission (SEC) unanimously voted to approve additional guidance for reporting cybersecurity risks last month. However, it is unclear what, if any, impact the new guidance will have on the rate of … Continue Reading
Last week, as previously reported, the U.S. Securities and Exchange Commission (SEC) unanimously voted to approve additional guidance for reporting cybersecurity risks. The release of this guidance underscores the SEC’s intent to prioritize cybersecurity compliance in 2018. The SEC … Continue Reading
The Financial Industry Regulatory Authority (FINRA) is ramping up on their commitment to assist the industry in its cybersecurity compliance efforts. Recent guidance to the industry from FINRA includes:
U.S. Department of Defense (DoD) contractors face new cybersecurity compliance requirements, including a significant deadline set for December 31, 2017.
Most DoD contracts now include clauses imposing obligations on contractors’ protection of government information and reporting of cyber incidents. These … Continue Reading
Recent cyber-attacks hurt individuals and investors on a regular basis. Recent attacks have cost hundreds of millions of dollars. Firms that have dismissed the dangers are increasingly at risk of regulatory action. New European laws will likely increase fines for … Continue Reading
Government agencies collect and hold massive amounts of personally identifiable information (PII), creating valuable targets for cybercrime. Recently proposed legislation would impose baseline standards for cyber hygiene on federal agencies. State and local governments, as well as private industry, should … Continue Reading
Earlier this month, Senators from both sides of the aisle introduced the “Internet of Things Cybersecurity Improvement Act of 2017,” outlining new security requirements for vendors who supply the U.S. Government with IoT devices. The bill was proposed … Continue Reading
The U.S. Department of Justice has announced the seizure of AlphaBay, the largest criminal marketplace on the Internet, which was used to sell stolen financial information, identification documents and other personal data, computer hacking tools, drugs, firearms, and a vast … Continue Reading
The impact from the recent Petya/NotPetya ransomware attack — or what was reported as a ransomware attack but now appears to be something even more damaging — continues to spread around the globe, with several new companies coming forward as … Continue Reading
The U.S. Department of Health & Human Services (HHS) issued a recent report noting that cybersecurity is a key public health concern that needs “immediate and aggressive attention.” Shortly thereafter, HHS’ Office for Civil Rights (OCR) released a checklist of … Continue Reading
Data breaches can occur in the most surprising places. When data breaches affect sensitive, private information—especially those of children—companies can face scrutiny from regulatory agencies and be exposed to civil (and perhaps even criminal) liability. While hackers are still targeting … Continue Reading
“Cyber threats cannot be eliminated but they can be managed. Cyber experts say that it is not a question of if you will have a cyber-attack, rather it is a question of when. The next question is what you … Continue Reading
Yesterday afternoon Yahoo Inc. (Yahoo) announced that user information was stolen from more than one billion accounts in August 2013. Yahoo said that the stolen information includes, “names, email addresses, telephone numbers, dates of birth, hashed passwords (using MD5) and, … Continue Reading
As the healthcare industry continues to embrace the Internet of Things, cybersecurity may present unprecedented health and privacy risks to patients. Wireless-enabled medical devices are increasingly common. For some patients, this means that their hearts are, quite literally, connected … Continue Reading
On October 19, 2016, the Federal Reserve, the Federal Deposit Insurance Corporation and the Office of the Comptroller of the Currency (together, the “Prudential Regulators”) published an advance notice of proposed rulemaking (ANPR) that would require banks with more than … Continue Reading
St. Jude’s Medical has filed a defamation lawsuit against short-seller, Muddy Waters LLC, and cyber-security research company, MedSec Holdings, along with executives at the companies, following allegations by the companies of cybersecurity vulnerabilities in some of St. Jude’s medical devices.… Continue Reading
On Tuesday, October 4, 2016, the Department of Defense (DoD) issued a long-awaited final rule implementing statutory requirements (10 U.S.C. §§ 391, 393) as part of 32 C.F.R part 236 regarding the reporting, by defense contractors, of certain cyber incidents … Continue Reading
Businesses and financial entities continue to grapple with the increasing frequency and sophistication of hacking, displayed by the recent botnet attack that affected numerous websites on October 21, 2016, as well as the recent SWIFT hack which was used … Continue Reading
On October 18, 2016, the Federal Financial Institutions Examination Council (FFIEC) issued answers to frequently asked questions (FAQs) to clarify points in FFEIC’s Cybersecurity Assessment Tool (Assessment). FFIEC released the Assessment in June 2015 to help financial institutions identify their … Continue Reading
“The goal is to turn data into information, and information into insight.” – Carly Fiorina, former CEO, Hewlett-Packard Co.
The most valuable asset of every organization is information. Organizing, analyzing and optimizing this complex source of business intelligence … Continue Reading
On September 13, 2016, the New York Department of Financial Services (DFS) proposed new first-in-the-nation cybersecurity regulations (Regulations) that would require banks and other financial institutions to adopt minimum cybersecurity standards. In some ways the regulations are consistent with existing … Continue Reading
Somewhere in a lavish Mediterranean villa a drug lord wearing an off-white suit had a heart attack. Elsewhere a tech whiz in Silicon Valley refreshed his browser multiple times as his heart sank further with each reloaded page. And a … Continue Reading