Regulation

Google Cloud enters cyber insurance collaboration with Allianz, Munich Re

The agreement comes amid increased financial pressure on the cyber insurance industry due to a rise in ransomware and the historic nation-state attack against SolarWinds.

By David Jones • March 02, 2021

SolarWinds missed early security warnings

Lawmakers scrutinized SolarWinds' security practices, including its use of "solarwinds123" as a password, a lapse blamed on a former intern. 

By David Jones • March 01, 2021

Senate SolarWinds hearing turns attention to breach notification laws, intel sharing

Amazon Web Services came under fire for declining to attend the hearing as top executives emphasized the need for faster disclosure and industrywide standards.

By David Jones • Feb. 24, 2021

Water system hack reveals thousands of organizations vulnerable to Window 7 exposure

Critical infrastructure providers and SMBs continue to operate the outdated Microsoft OS without security updates and patches.

By David Jones • Feb. 19, 2021

FDA appoints first medical device cybersecurity chief

University of Michigan professor Kevin Fu will serve a one-year term as acting cyber director at the Center for Devices and Radiological Health. Experts fear the chaos of the pandemic created the perfect storm for hackers to exploit.

By Greg Slabodkin • Feb. 04, 2021

Attention to K-12 cybersecurity grows in nearly 100 bills introduced in 2020

With K-12 becoming a top target due to a combo of high-value data available and limited protection, a new report examines legislative trends.

By Roger Riddell • Feb. 01, 2021

GDPR regulators are sinking their teeth into violators. 2020's fines are proof.

The European regulation took about a year before major fines were introduced. Watchdogs are in a grey area of harnessing better privacy standards and having zero tolerance for negligent or intentional violations.

By Samantha Schwartz • Jan. 28, 2021

Privacy investments mitigate security losses, report finds

Spending on data privacy has become a priority amid new concerns about COVID-19 data and remote work environments, a study from Cisco shows.

By David Jones • Jan. 26, 2021

Cyber defense panel sees more private sector coordination following SolarWinds

Defense and intelligence experts say federal agencies need to strengthen private sector support, intelligence sharing to prevent the next big nation-state attack. 

By David Jones • Jan. 20, 2021

With cyber bureau, State Department brings diplomacy to threat landscape

CISOs and security experts see the federal bureau as a potential bridge to help align the government and private sector as nation-states pose increased threats. 

By David Jones • UPDATED: Jan. 11, 2021 at 5:39 p.m.

Democrats control Congress. Will 2021 be the year for federal privacy laws?

Don't hold your breath.

By Samantha Schwartz • Jan. 08, 2021

Federal task force says Russia likely actor behind SolarWinds attack

As investigations continue, agencies are working to preserve private-sector trust.

By David Jones , Samantha Schwartz • Jan. 05, 2021

FDIC, OCC proposal would give banks 36 hours to report cyberattacks

Under the proposal, a bank's technology vendor would have to immediately notify customers if an incident disrupted services for four hours or more.

By Dan Ennis • Dec. 17, 2020

Federal agencies warn of heightened cyberthreats against K-12 schools

Cyberattackers are trying to steal data and disrupt remote learning as COVID-19 continues to impact schools, the FBI, CISA and MS-ISAC said. 

By David Jones • Dec. 11, 2020

Weighing the risks of disclosing a cyber incident

Not telling law enforcement or a regulator is an admission by an organization: We do not consider this cyber incident reportable.

By Samantha Schwartz • Dec. 10, 2020

National defense bill is heavy on cyber. What it means for the private sector.

The recommendations are intended to remedy areas of distrust and construct a more resilient cyber infrastructure, regardless of sector.

By Samantha Schwartz • Dec. 07, 2020

IoT cyber bill clears Congress — what's next for industry players?

Long-awaited legislation is seen as a springboard to widespread adoption of standards across the booming connected-devices industry.

By David Jones • Dec. 03, 2020

Supreme Court decision on computer fraud law hinges on one word — 'so'

If the court rules in favor of the government, the Computer Fraud and Abuse Act could broadly apply to ethical hacking and common consumer activities.

By Samantha Schwartz • Dec. 01, 2020

A cyber stakeholder's guide to Van Buren v. US

The Supreme Court could determine what constitutes the limits of authorized computer access under the Computer Fraud and Abuse Act. Should this issue be left for Congress?

By Samantha Schwartz • Nov. 30, 2020

Technologists grapple with privacy, bias as AI inches closer to customers

Industry must contend with the ethical challenges of building AI as the technology expands in physical and digital customer touchpoints.

By Roberto Torres • Nov. 30, 2020

Home Depot codifies data reforms in $17.5M breach settlement with states

The home improvement retailer reached a $17.5 million settlement following a multistate investigation into its 2014 hacking.

By David Jones • Nov. 25, 2020

Defense industry CISOs prepare for cybersecurity compliance audits

As the deadline looms for long-awaited supply chain security requirements, experts are helping contractors prepare for third-party assessments.

By David Jones • Nov. 23, 2020

Carnegie researchers seek urgent action to combat financial cyberthreats

Fintech business development and digital transformation in banking is creating opportunities for malicious actors to attack vulnerable systems.

By David Jones • Nov. 20, 2020

Ransom sanctions leave little room for companies desperate to resolve an attack

Victimized organizations are balancing the risk and cost of stalled operations and encrypted data, with federal watchdogs ready to act. Response and recovery is never going to be an easy process.

By Samantha Schwartz • Nov. 20, 2020

Trump fires CISA's Krebs in slew of top cyber departures

President Donald Trump fired Christopher Krebs on Tuesday night, a week after top cyber official Bryan Ware left his post, leaving high-level national cybersecurity positions vacant.

By Katie Malone • Nov. 17, 2020