SEC votes to overhaul disclosure rules for material cyber events

After a fierce debate, the agency voted to require companies to come clean on material breaches and attacks within four business days of determination.

By David Jones • July 26, 2023

To execute the national cyber strategy, it’s going to take the whole US government

Experts applaud the desired outcomes, but the tasks and responsibilities now assigned to agencies underscore the challenges that lie ahead.

By Matt Kapko • July 25, 2023

New York cyber lead warns of what states face in critical infrastructure defense

Government agencies and the private sector must work collaboratively to combat increasingly sophisticated threat activity, Colin Ahern said.

By David Jones • July 25, 2023

White House secures safety commitments from 7 AI companies

OpenAI, Microsoft and Google are among the companies committing to robust testing and investments in cybersecurity safeguards to defend AI models prior to release.

By Lindsey Wilkinson • July 21, 2023

US government plays catchup on phishing-resistant MFA

Security tools have evolved to include more accessible protocols that meet stringent authentication requirements. The government wants to embrace that.

By Matt Kapko • July 20, 2023

Microsoft offers free security logs amid backlash from State Department hack

Federal officials and rivals blasted the company for charging customers for additional security features.

By David Jones • July 19, 2023

UKG agrees to pay up to $6M in lawsuit tied to 2021 breach

The payroll services provider reached an agreement to settle a class action lawsuit tied to a ransomware attack that targeted its Kronos Private Cloud service.

By Matt Kapko • July 18, 2023

White House unveils consumer labeling program to strengthen IoT security

The voluntary program is designed to protect millions of consumers and remote workers amid increased threat activity against smart home and IoT devices.

By David Jones • July 18, 2023

FCC chair proposes $200M investment to boost K-12 cybersecurity

The funds would go toward a three-year pilot program aimed at enhancing cybersecurity protections for school and library networks.

By Anna Merod • July 14, 2023

Fed ends Capital One breach-related enforcement action

The Office of the Comptroller of the Currency 10 months earlier freed the bank from a separate consent order tied to a former AWS employee’s hack that exposed the data of 106 million customers.

By Dan Ennis • July 13, 2023

White House shares the 69 initiatives slated to shore up national cybersecurity

“If the strategy represents the president’s vision for the future, then this implementation plan is the roadmap to get there,” Acting National Cyber Director Kemba Walden said.

By Matt Kapko • July 13, 2023

Microsoft warns China-linked APT actor hacked US agency, other email accounts

U.S. officials alerted Microsoft about what emerged as a targeted, monthlong hacking campaign.

By David Jones • July 12, 2023

IronNet in NYSE compliance crosshairs after failing to file quarterly earnings on time

Management at the cybersecurity firm has been in talks on a deal to raise additional capital and go private. 

By David Jones • July 6, 2023

White House releases cyber budget priorities for fiscal year 2025

Federal agencies are advised to demonstrate how their spending aligns with the national cybersecurity strategy.

By Matt Kapko • June 29, 2023

SEC notifies SolarWinds CISO and CFO of possible action in cyber investigation

Executives were alerted to possible enforcement action related to the Russia-linked supply chain attack.

By David Jones • June 26, 2023

SEC delays final rule on cyber incident disclosure as industry pushes back

The agency was seeking prompt reporting of material cyber breaches and attacks, but faced a range of concerns from stakeholders.

By David Jones • June 16, 2023

Cloud services seen as key tool in shifting balance of cyber risk

The acting national cyber director says more oversight may be necessary, but a resilient cloud infrastructure is critical to the national cybersecurity strategy.

By David Jones • June 12, 2023

Existing security policy for critical infrastructure needs major overhaul, commission says

The Cyberspace Solarium Commission 2.0 says the federal relationship with the private sector is based on outdated policy.

By David Jones • June 7, 2023

FTC chair warns that AI businesses must still operate within existing laws

The rapidly expanding technology cannot be used for fraud or discrimination and dominant players must allow the market to remain competitive, Lina Khan said Thursday.

By David Jones • June 2, 2023

CISA updates ransomware guide 3 years after its debut

The #StopRansomware guide, updated in partnership with the FBI, NSA and MS-ISAC, reflects aggressive new techniques used by threat actors, including double extortion.

By David Jones • May 24, 2023

Critical infrastructure security spending to grow 83% by 2027: ABI Research

Analysts forecast cybersecurity spending among critical infrastructure organizations to grow from an estimated $129 billion in 2022 to almost $236 billion by 2027.

By Matt Kapko • May 19, 2023

Why and how to report a ransomware attack

The majority of ransomware attacks go unreported, creating a blind spot that hampers response, recovery efforts and the prevention of future attacks.

By Matt Kapko • May 18, 2023

House hearing details cyber resilience efforts for energy, water and healthcare

Officials from the Department of Health and Human Services, Environmental Protection Agency and the Department of Energy testified how sector agencies are responding to rising threats.

By David Jones • May 17, 2023

Flood of ransom payments continues as officials mull ban

The revived debate over the viability of a ransom payment ban comes down to the cost ransomware is causing organizations globally.

By Matt Kapko • May 11, 2023

CISA director wary of technology industry repeating its mistakes with AI

The multibillion-dollar cybersecurity industry is the result of misaligned incentives, where speed-to-market outranked security, Jen Easterly said. 

By Naomi Eide • May 11, 2023