Regulation

Defense industry CISOs prepare for cybersecurity compliance audits

As the deadline looms for long-awaited supply chain security requirements, experts are helping contractors prepare for third-party assessments.

By David Jones • Nov. 23, 2020

Carnegie researchers seek urgent action to combat financial cyberthreats

Fintech business development and digital transformation in banking is creating opportunities for malicious actors to attack vulnerable systems.

By David Jones • Nov. 20, 2020

Ransom sanctions leave little room for companies desperate to resolve an attack

Victimized organizations are balancing the risk and cost of stalled operations and encrypted data, with federal watchdogs ready to act. Response and recovery is never going to be an easy process.

By Samantha Ann Schwartz • Nov. 20, 2020

Trump fires CISA's Krebs in slew of top cyber departures

President Donald Trump fired Christopher Krebs on Tuesday night, a week after top cyber official Bryan Ware left his post, leaving high-level national cybersecurity positions vacant.

By Katie Malone • Nov. 17, 2020

Biden faces scrutiny on key appointments and policy priorities on privacy, cybersecurity

Experts say the incoming administration has an array of former Obama administration staff and will face pressure to reform a number of fronts. 

By David Jones • Nov. 13, 2020

Zoom settles with FTC, promises to build robust security program

With Zoom's rapid user growth between December and April, the company allegedly "misled users by touting" end-to-end, 256-bit encryption, when it actually offered "lower level of security," said the FTC. 

By Samantha Ann Schwartz • Nov. 10, 2020

What will a Biden presidency mean for business tech and cyber?

As the White House leadership changes, tech and cyber policies taking root are likely to focus on more R&D and federal oversight. 

By Katie Malone • Nov. 06, 2020

No major cyber incidents reported on Election Day — but the security challenge is just beginning

Senior CISA officials confirmed throughout the day that the U.S. did not face any major cyber activity yesterday but cautioned post-Election Day is when the action really begins.

By Katie Malone • Nov. 04, 2020

California voters approve 'CCPA 2.0' ballot proposition

Proposition 24 says that if companies don't need certain details about consumers to run their business or provide services then they don't need to collect the information at all.

By Samantha Ann Schwartz • UPDATED: Nov. 4, 2020 at 3:49 p.m.

Marriott finds financial reprieve in reduced GDPR penalty

The U.K.'s Information Commissioner's Office also reduced British Airways' fine, citing economic impact of COVID-19 as a factor.

By Samantha Ann Schwartz • Nov. 02, 2020

Trump, Biden want strong cyber but differ on offense vs. defense

The presidential nominees understand the urgency around cyber efforts but are split on national data protection.

By Katie Malone • Oct. 29, 2020

US sanctions against Russia institute with malware ties only scratch at recourse

The malware, launched against a Saudi Arabia-based oil refinery in 2017, also scanned and probed at least 20 electric facilities in the U.S. in 2019.

By Samantha Ann Schwartz • Oct. 26, 2020

Gartner's 3 stages to a mature privacy program

With a patchwork of international privacy laws to consider, there isn't a one-size-fits-all privacy framework. But companies can focus on data management systems to remain compliant.

By Samantha Ann Schwartz • Oct. 21, 2020

Treasury threatens fines for ransomware payments

The math problem organizations were solving for — does recovery cost less than the ransom — must now factor in an unknown quantity: fines.

By Samantha Ann Schwartz • Oct. 02, 2020

Commission amends cyber recommendations to reflect COVID-19 vulnerabilities

Four new recommendations are divided between two sections specific to the pandemic: cybersecurity challenges and lessons in cyber preparedness.

By Samantha Ann Schwartz • June 02, 2020