Policy & Regulation: Page 2

Colonial CEO says ransomware hackers exploited legacy VPN

In testimony before a Senate committee, Joseph Blount took ownership for the ransom payment but said the private sector needs help to fight adversaries.

By David Jones • June 09, 2021

SCOTUS limits scope of computer fraud law. Here's the business impact

With the Supreme Court limiting the power of the Computer Fraud and Abuse Act, companies will need to rethink HR and cybersecurity policies dictating access privileges.

By Samantha Schwartz • June 04, 2021

Biden budget proposes $58B to take on legacy tech, cybersecurity

Legacy tech holds the federal government back, and agencies remain targets of advanced cyber crime. The budget proposal provides financial support to chip away at recovery.

By Katie Malone • June 03, 2021

TSA directive will add teeth to pipeline security oversight

The Transportation Security Administration will require companies to appoint a cybersecurity coordinator, and report confirmed and potential security incidents to CISA.

By Samantha Schwartz • May 27, 2021

How security and privacy can cultivate a relationship

Security and privacy are interwoven and layered throughout a company, motivated toward the end goal of data protection. Successful organizations recognize the overlap — and capitalize on it.

By Samantha Schwartz • May 20, 2021

White House to take proactive role in ransomware fight

The administration can no longer passively wait for the next cyber crisis to take hold before it decides to engage, said Anne Neuberger, a Biden administration cybersecurity official.

By David Jones • May 19, 2021

Colonial Pipeline disconnects OT systems to silo ransomware IT threat

Anxiety is rising among corporate security officials concerned about the impact of ransomware among critical infrastructure providers.

By David Jones • May 12, 2021

Cryptocurrency fuels ransomware payments. Without regulation, it could get worse

The rapid ascent of crypto, like other emerging technologies before it, has far outpaced the federal government's ability to regulate it.

By Samantha Schwartz • May 07, 2021

100-day DOE grid security push targets ICS, OT

The Department of Energy has also issued a request for information seeking recommendations for securing U.S. energy system supply chains. 

By Robert Walton • April 21, 2021

Payments industry faces potential 'destructive attacks,' Biden cybersecurity official warns

Ransomware and infrastructure attacks are the biggest threats to the industry, a Biden administration cybersecurity official told the American Transaction Processors Coalition. 

By Lynne Marek • April 09, 2021

'Advanced cyberconflict' is nearing, researchers say

Enterprises represent 35% of nation-state targets, whereas government or regulatory agencies are 12% of targets, according to the report.

By Samantha Schwartz • April 08, 2021

IoT cybersecurity law does not go far enough to protect industry

As networks become more connected and reliant on third-party sources like cloud and SaaS applications, most companies continue to have massive blind spots. 

By Justin Fier • April 05, 2021

Threat data sharing considered critical to defense amid rise in sophisticated attacks: report

A Ponemon Institute study shows the value of actionable data as lawmakers and the Biden administration work to encourage intelligence sharing. 

By David Jones • March 24, 2021

White House looks to tighten private sector coordination, gain infrastructure insight

Following the Microsoft Exchange and SolarWinds attacks, the Biden administration is taking steps to close visibility gaps and encourage rapid intelligence sharing by private sector companies. 

By David Jones • March 15, 2021

Google Cloud enters cyber insurance collaboration with Allianz, Munich Re

The agreement comes amid increased financial pressure on the cyber insurance industry due to a rise in ransomware and the historic nation-state attack against SolarWinds.

By David Jones • March 02, 2021

SolarWinds missed early security warnings

Lawmakers scrutinized SolarWinds' security practices, including its use of "solarwinds123" as a password, a lapse blamed on a former intern. 

By David Jones • March 01, 2021

Senate SolarWinds hearing turns attention to breach notification laws, intel sharing

Amazon Web Services came under fire for declining to attend the hearing as top executives emphasized the need for faster disclosure and industrywide standards.

By David Jones • Feb. 24, 2021

Water system hack reveals thousands of organizations vulnerable to Window 7 exposure

Critical infrastructure providers and SMBs continue to operate the outdated Microsoft OS without security updates and patches.

By David Jones • Feb. 19, 2021

FDA appoints first medical device cybersecurity chief

University of Michigan professor Kevin Fu will serve a one-year term as acting cyber director at the Center for Devices and Radiological Health. Experts fear the chaos of the pandemic created the perfect storm for hackers to exploit.

By Greg Slabodkin • Feb. 04, 2021

Attention to K-12 cybersecurity grows in nearly 100 bills introduced in 2020

With K-12 becoming a top target due to a combo of high-value data available and limited protection, a new report examines legislative trends.

By Roger Riddell • Feb. 01, 2021

GDPR regulators are sinking their teeth into violators. 2020's fines are proof.

The European regulation took about a year before major fines were introduced. Watchdogs are in a grey area of harnessing better privacy standards and having zero tolerance for negligent or intentional violations.

By Samantha Schwartz • Jan. 28, 2021

Privacy investments mitigate security losses, report finds

Spending on data privacy has become a priority amid new concerns about COVID-19 data and remote work environments, a study from Cisco shows.

By David Jones • Jan. 26, 2021

Cyber defense panel sees more private sector coordination following SolarWinds

Defense and intelligence experts say federal agencies need to strengthen private sector support, intelligence sharing to prevent the next big nation-state attack. 

By David Jones • Jan. 20, 2021

With cyber bureau, State Department brings diplomacy to threat landscape

CISOs and security experts see the federal bureau as a potential bridge to help align the government and private sector as nation-states pose increased threats. 

By David Jones • UPDATED: Jan. 11, 2021 at 5:39 p.m.

Democrats control Congress. Will 2021 be the year for federal privacy laws?

Don't hold your breath.

By Samantha Schwartz • Jan. 08, 2021