Policy & Regulation: Page 5


  • stock image
    Image attribution tooltip
    Retrieved from Pixabay.
    Image attribution tooltip

    CISA warns of threat groups exploiting Unitronics PLCs in water treatment hacks

    The Unitronics warning follows an Iran-linked hack of a Pennsylvania water treatment facility.

    By Updated Nov. 29, 2023
  • Data Breach Button on Computer Keyboard
    Image attribution tooltip
    GOCMEN via Getty Images
    Image attribution tooltip

    NY reaches $1M breach settlement with First American Title Insurance

    The company exposed millions of documents of non-public customer data, through a vulnerability in a proprietary application.

    By Nov. 28, 2023
  • CISA Director Jen Easterly
    Image attribution tooltip

    Center for Strategic and International Studies

    Image attribution tooltip

    Authorities pushing for secure AI development practices

    CISA and the U.K.’s cyber agency released the guidelines as part of a global effort to ensure AI is developed using security as a core component. 

    By Nov. 27, 2023
  • Finance chiefs need to tick off these key action items to get ahead of year-end.
    Image attribution tooltip
    Getty Images via Getty Images
    Image attribution tooltip

    SEC’s cyber disclosure rules: Key considerations for the board, C-suite and risk managers

    Each business stakeholder has a different cyber risk management responsibility. Given the SEC’s coming disclosure rules, it’s even more important to outline who owns what. 

    By Chris Tarbell, Dave Franzel and Greg Van Houten • Nov. 27, 2023
  • Exterior of Citrix office complex.
    Image attribution tooltip
    Justin Sullivan/Getty Images via Getty Images
    Image attribution tooltip

    CitrixBleed worries mount as nation state, criminal groups launch exploits

    LockBit 3.0 affiliates targeted a unit of Boeing and federal authorities have alerted almost 300 organizations they are vulnerable to attack.

    By Nov. 22, 2023
  • CISA, cybersecurity, agency
    Image attribution tooltip
    Photo illustration by Danielle Ternes/Cybersecurity Dive; photograph by yucelyilmaz via Getty Images
    Image attribution tooltip

    CISA explains how to apply secure-by-design principles

    The focus should be on what manufacturers are doing to keep their customers safe, not the damage attackers might be inflicting, CISA’s Bob Lord said. 

    By Nov. 20, 2023
  • Spider web
    Image attribution tooltip
    Matt Cardy / Getty Images Europe via Getty Images
    Image attribution tooltip

    Threat actors behind Las Vegas casino attacks are social-engineering mavens

    Scattered Spider threat actors are attacking large companies and their IT help desks to steal data for extortion, according to federal cyber authorities.

    By Nov. 17, 2023
  • Cyber internet security and privacy concept. Database storage 3d illustration.
    Image attribution tooltip
    JuSun via Getty Images
    Image attribution tooltip

    FCC proposes 3-year cybersecurity pilot for schools, libraries

    The agency will seek public comment on the proposal, which will explore how the Universal Service Fund can support school and library cyber concerns.

    By Roger Riddell • Nov. 17, 2023
  • Woman in a black suit stands behind a podium with a sign that reads "enhancing cybersecurity protecting New Yorkers."
    Image attribution tooltip
    Courtesy of Darren McGee/ Office of Governor Kathy Hochul
    Image attribution tooltip

    New York proposes ‘nation-leading’ hospital cybersecurity regulations

    The rules, which would require facilities to develop response plans and hire a chief information security officer, aim to safeguard hospitals from growing threats and keep them operating during an attack.

    By Emily Olsen • Nov. 13, 2023
  • CISA Director Jen Easterly
    Image attribution tooltip

    Center for Strategic and International Studies

    Image attribution tooltip

    As Congress weighs budget priorities, top cyber execs urge CISA funding support

    The group, led by Tenable CEO Amit Yoran, raised concerns that significant cuts to the agency would undermine efforts to combat rising threats to critical infrastructure and federal systems.

    By Nov. 10, 2023
  • A facade of the White House in Washington, D.C.
    Image attribution tooltip
    Nick van Bree via Getty Images
    Image attribution tooltip

    Countries pledge to not pay ransoms, but experts question impact

    There is no mandate to ban governments or businesses from paying ransom demands, but the pledge could be a step toward that outcome.

    By Nov. 6, 2023
  • Microsoft's visitor center at its Redmond campus.
    Image attribution tooltip
    Stephen Brashear via Getty Images
    Image attribution tooltip

    Microsoft overhauls cyber strategy to finally embrace security by default

    The plan follows major backlash Microsoft experienced earlier this year for charging customers for additional security features. 

    By Nov. 3, 2023
  • Federal Trade Commission
    Image attribution tooltip
    Carol Highsmith. (2005). "The Apex Building" [Photo]. Retrieved from Wikimedia Commons.
    Image attribution tooltip

    Non-bank financial institutions must report data security breaches: FTC

    The amendment to the FTC’s Safeguards Rule requires non-banking financial institutions to disclose data breaches within 30 days.

    By Rajashree Chakravarty • Nov. 2, 2023
  • Close up of Gary Gensler speaking during a senate hearing
    Image attribution tooltip
    Kevin Dietsch/Getty Images via Getty Images
    Image attribution tooltip

    For the SEC, the fraud case against SolarWinds is a cybersecurity warning shot

    Legal, risk management and cybersecurity experts say companies are now on notice to prioritize internal controls, investor transparency and material disclosure requirements.

    By Nov. 2, 2023
  • Glasses, coding and reflection with business man reading software development analytics, database and system error report for information technology.
    Image attribution tooltip
    Kobus Louw via Getty Images
    Image attribution tooltip

    Global cybersecurity workforce grows, but still confronts shortfall of 4M people

    Despite growing to 5.5 million professionals worldwide, a study by ISC2 shows the industry still needs millions of qualified workers to defend against rising digital threats.

    By Oct. 31, 2023
  • SolarWinds
    Image attribution tooltip
    Photo illustration by Danielle Ternes/Cybersecurity Dive; photograph by ismagilov via Getty Images
    Image attribution tooltip

    SEC charges SolarWinds, its CISO with fraud

    The company allegedly misled investors regarding its cybersecurity practices and failed to disclose known risks, according to a complaint.

    By Updated Oct. 31, 2023
  • Female IT Server Specialist Standing in Data Center. View from Rack Server Cabinet with Cloud Server User Interface Icons and Visualization in the Foreground.
    Image attribution tooltip
    gorodenkoff via Getty Images
    Image attribution tooltip

    CISA targets software identification in push to boost supply chain security

    The plan is part of a wider effort to boost software security using vulnerability management and SBOMs.

    By Oct. 27, 2023
  • Activision
    Image attribution tooltip
    jeenah Moon via Getty Images
    Image attribution tooltip

    Microsoft extends security log retention following State Department hacks

    Government and private sector customers will be able to search cloud data records for malicious threat activity by default.

    By Oct. 23, 2023
  • Two people sitting at a table with financial documents and a calculator
    Image attribution tooltip
    Daenin Arnee via Getty Images
    Image attribution tooltip

    FAIR Institute wants to quantify just how much a cyberattack costs

    The risk-management body is trying to create a standard to estimate material cyber attack costs and help stakeholders better understand risk.

    By Oct. 20, 2023
  • CISA Director Jen Easterly speaks at Carnegie Mellon University urging the tech industry to embrace secure-by-design product development.
    Image attribution tooltip
    Permission granted by Carnegie Mellon University
    Image attribution tooltip

    CISA launches new phase of Secure by Design to push global industry on software security

    The agency plans an RFI on secure engineering, while adding guidance on AI security and emphasizing default security that does not require customer configurations.

    By Oct. 18, 2023
  • stock image
    Image attribution tooltip
    Retrieved from Pixabay.
    Image attribution tooltip

    EPA rescinds rule to include cybersecurity in water system audits after legal challenge

    The Biden administration said it will continue efforts to reduce cyber risk in critical infrastructure sectors.

    By Oct. 16, 2023
  • Server room (Sefa Ozel/Getty)
    Image attribution tooltip
    Sefa Ozel/Getty via Getty Images
    Image attribution tooltip

    CISA’s top 10 misconfigurations reveal ‘systemic weaknesses’

    Common mistakes including poor credential management, weak MFA and lackluster patching continue to harm large enterprises.

    By Oct. 16, 2023
  • An engineer works with robotic arms in a factory using AI.
    Image attribution tooltip
    greenbutterfly via Getty Images
    Image attribution tooltip

    Federal agencies press OT/ICS providers on open-source security

    The U.S. is scrutinizing the security of critical infrastructure providers, which are becoming more dependent on connected infrastructure.

    By Oct. 12, 2023
  • Law flat icon on wooden block cube with calculator and pencil on dollar bank note money,
    Image attribution tooltip
    grapestock via Getty Images
    Image attribution tooltip

    Progress Software’s financial hit from MOVEit cuts deeper

    With insurance coverage dwindling, and class-action lawsuits and financial restitution claims piling up, more trouble could be on the way for the software company.

    By Oct. 11, 2023
  • Jen Easterly speaks during a fireside chat at the Billington Cybersecurity Summit.
    Image attribution tooltip
    Courtesy of Billington
    Image attribution tooltip

    CISA pivots focus to China-linked threats against critical infrastructure

    The agency now considers China the top nation-state threat, after a heavy emphasis on risks related to the Russia-Ukraine war.

    By Oct. 5, 2023