Policy & Regulation: Page 2


  • Close up of Gary Gensler speaking during a senate hearing
    Image attribution tooltip
    Kevin Dietsch/Getty Images via Getty Images
    Image attribution tooltip

    What the SEC weighed in finalizing the cyber disclosure rules

    The SEC's head of the corporate finance division said the burden of meeting compliance and fears of tipping off threat groups were carefully considered prior to final recommendations.

    By Dec. 18, 2023
  • Harry Coker Jr. testifies before Senate Homeland Security and Governmental Affairs Committee.
    Image attribution tooltip
    Kevin Dietsch / Staff via Getty Images
    Image attribution tooltip

    Senate confirms Harry Coker Jr. as national cyber director

    The national security veteran assumes the role at a critical time, tasked with implementing the White House’s national cybersecurity strategy.

    By Dec. 13, 2023
  • SolarWinds
    Image attribution tooltip
    Photo illustration by Danielle Ternes/Cybersecurity Dive; photograph by ismagilov via Getty Images
    Image attribution tooltip

    Check Point Software in SEC settlement talks in connection with SolarWinds probe

    The cybersecurity firm provided documents and other information related to the 2020 supply chain hack of the SolarWinds Orion platform.

    By Dec. 13, 2023
  • The front of the agency headquarters, reading "United States Security and Exchange Commission" and the number 450 as a man walks in a glass door at the bottom left of the frame.
    Image attribution tooltip
    Mark Wilson/Newsmakers via Getty Images
    Image attribution tooltip

    FBI to field SEC cyber incident disclosure delay requests

    Publicly-traded companies can request incident disclosure delays, but the bar is high. A filing would have to pose a significant threat to public safety or national security.

    By Dec. 12, 2023
  • Anne Neuberger deputy national security advisor for cyber and emerging technologies, speaks at the Billington Cybersecurity Summit with Brad Medairy, EVP, Booz Allen.
    Image attribution tooltip
    Courtesy of Billington CyberSecurity Summit
    Image attribution tooltip

    White House wants to set minimum cyber standards for hospitals, healthcare

    The sector has faced a wave of ransomware linked to the critical CitrixBleed vulnerability, which has led to major attacks from LockBit and other threat groups.

    By Dec. 11, 2023
  • Brightly colored digital lock with central computer processor and futuristic circuit board.
    Image attribution tooltip
    da-kuk via Getty Images
    Image attribution tooltip

    2 years on, Log4j still haunts the security community

    Research from Veracode shows nearly 2 in 5 applications are still running vulnerable versions. 

    By Dec. 8, 2023
  • CISA Director Jen Easterly, RSA Conference 2022
    Image attribution tooltip
    Matt Kapko/Cybersecurity Dive
    Image attribution tooltip

    CISA performance goals program trims exploited CVEs

    Organizations enrolled in the agency’s vulnerability scanning program are showing improved security, but the reduction in exploitable internet-facing services is incremental.

    By Dec. 6, 2023
  • A round industrial building behind a pool of water with a walkway over top
    Image attribution tooltip
    (2008). Retrieved from Environmental Protection Agency.
    Image attribution tooltip

    Water utility cyberattacks underscore ongoing threat to OT

    U.S. officials urged water utilities and industrial sites to employ basic configuration safeguards like securing internet-facing devices and changing default passwords following a series of attacks.

    By Dec. 5, 2023
  • stock image
    Image attribution tooltip
    Retrieved from Pixabay.
    Image attribution tooltip

    CISA warns of threat groups exploiting Unitronics PLCs in water treatment hacks

    The Unitronics warning follows an Iran-linked hack of a Pennsylvania water treatment facility.

    By Updated Nov. 29, 2023
  • Data Breach Button on Computer Keyboard
    Image attribution tooltip
    GOCMEN via Getty Images
    Image attribution tooltip

    NY reaches $1M breach settlement with First American Title Insurance

    The company exposed millions of documents of non-public customer data, through a vulnerability in a proprietary application.

    By Nov. 28, 2023
  • CISA Director Jen Easterly
    Image attribution tooltip

    Center for Strategic and International Studies

    Image attribution tooltip

    Authorities pushing for secure AI development practices

    CISA and the U.K.’s cyber agency released the guidelines as part of a global effort to ensure AI is developed using security as a core component. 

    By Nov. 27, 2023
  • Finance chiefs need to tick off these key action items to get ahead of year-end.
    Image attribution tooltip
    Getty Images via Getty Images
    Image attribution tooltip

    SEC’s cyber disclosure rules: Key considerations for the board, C-suite and risk managers

    Each business stakeholder has a different cyber risk management responsibility. Given the SEC’s coming disclosure rules, it’s even more important to outline who owns what. 

    By Chris Tarbell, Dave Franzel and Greg Van Houten • Nov. 27, 2023
  • Exterior of Citrix office complex.
    Image attribution tooltip
    Justin Sullivan/Getty Images via Getty Images
    Image attribution tooltip

    CitrixBleed worries mount as nation state, criminal groups launch exploits

    LockBit 3.0 affiliates targeted a unit of Boeing and federal authorities have alerted almost 300 organizations they are vulnerable to attack.

    By Nov. 22, 2023
  • CISA, cybersecurity, agency
    Image attribution tooltip
    Photo illustration by Danielle Ternes/Cybersecurity Dive; photograph by yucelyilmaz via Getty Images
    Image attribution tooltip

    CISA explains how to apply secure-by-design principles

    The focus should be on what manufacturers are doing to keep their customers safe, not the damage attackers might be inflicting, CISA’s Bob Lord said. 

    By Nov. 20, 2023
  • Spider web
    Image attribution tooltip
    Matt Cardy / Getty Images Europe via Getty Images
    Image attribution tooltip

    Threat actors behind Las Vegas casino attacks are social-engineering mavens

    Scattered Spider threat actors are attacking large companies and their IT help desks to steal data for extortion, according to federal cyber authorities.

    By Nov. 17, 2023
  • Cyber internet security and privacy concept. Database storage 3d illustration.
    Image attribution tooltip
    JuSun via Getty Images
    Image attribution tooltip

    FCC proposes 3-year cybersecurity pilot for schools, libraries

    The agency will seek public comment on the proposal, which will explore how the Universal Service Fund can support school and library cyber concerns.

    By Roger Riddell • Nov. 17, 2023
  • Woman in a black suit stands behind a podium with a sign that reads "enhancing cybersecurity protecting New Yorkers."
    Image attribution tooltip
    Courtesy of Darren McGee/ Office of Governor Kathy Hochul
    Image attribution tooltip

    New York proposes ‘nation-leading’ hospital cybersecurity regulations

    The rules, which would require facilities to develop response plans and hire a chief information security officer, aim to safeguard hospitals from growing threats and keep them operating during an attack.

    By Emily Olsen • Nov. 13, 2023
  • CISA Director Jen Easterly
    Image attribution tooltip

    Center for Strategic and International Studies

    Image attribution tooltip

    As Congress weighs budget priorities, top cyber execs urge CISA funding support

    The group, led by Tenable CEO Amit Yoran, raised concerns that significant cuts to the agency would undermine efforts to combat rising threats to critical infrastructure and federal systems.

    By Nov. 10, 2023
  • A facade of the White House in Washington, D.C.
    Image attribution tooltip
    Nick van Bree via Getty Images
    Image attribution tooltip

    Countries pledge to not pay ransoms, but experts question impact

    There is no mandate to ban governments or businesses from paying ransom demands, but the pledge could be a step toward that outcome.

    By Nov. 6, 2023
  • Microsoft's visitor center at its Redmond campus.
    Image attribution tooltip
    Stephen Brashear via Getty Images
    Image attribution tooltip

    Microsoft overhauls cyber strategy to finally embrace security by default

    The plan follows major backlash Microsoft experienced earlier this year for charging customers for additional security features. 

    By Nov. 3, 2023
  • Federal Trade Commission
    Image attribution tooltip
    Carol Highsmith. (2005). "The Apex Building" [Photo]. Retrieved from Wikimedia Commons.
    Image attribution tooltip

    Non-bank financial institutions must report data security breaches: FTC

    The amendment to the FTC’s Safeguards Rule requires non-banking financial institutions to disclose data breaches within 30 days.

    By Rajashree Chakravarty • Nov. 2, 2023
  • Close up of Gary Gensler speaking during a senate hearing
    Image attribution tooltip
    Kevin Dietsch/Getty Images via Getty Images
    Image attribution tooltip

    For the SEC, the fraud case against SolarWinds is a cybersecurity warning shot

    Legal, risk management and cybersecurity experts say companies are now on notice to prioritize internal controls, investor transparency and material disclosure requirements.

    By Nov. 2, 2023
  • Glasses, coding and reflection with business man reading software development analytics, database and system error report for information technology.
    Image attribution tooltip
    Kobus Louw via Getty Images
    Image attribution tooltip

    Global cybersecurity workforce grows, but still confronts shortfall of 4M people

    Despite growing to 5.5 million professionals worldwide, a study by ISC2 shows the industry still needs millions of qualified workers to defend against rising digital threats.

    By Oct. 31, 2023
  • SolarWinds
    Image attribution tooltip
    Photo illustration by Danielle Ternes/Cybersecurity Dive; photograph by ismagilov via Getty Images
    Image attribution tooltip

    SEC charges SolarWinds, its CISO with fraud

    The company allegedly misled investors regarding its cybersecurity practices and failed to disclose known risks, according to a complaint.

    By Updated Oct. 31, 2023
  • Female IT Server Specialist Standing in Data Center. View from Rack Server Cabinet with Cloud Server User Interface Icons and Visualization in the Foreground.
    Image attribution tooltip
    gorodenkoff via Getty Images
    Image attribution tooltip

    CISA targets software identification in push to boost supply chain security

    The plan is part of a wider effort to boost software security using vulnerability management and SBOMs.

    By Oct. 27, 2023