The latest compliance technology and best practices to help organizations meet data privacy and security requirements.
Businesses that have spent the past three-plus years adapting to the European Union’s far-reaching data privacy law now have to decide how they will respond to a similar law in China that has been criticized as being more vague in its wording and harsher in its penalties. China’s Personal Information and Privacy Law (PIPL), enacted…
It’s been an active week for security vulnerabilities, with MITRE and the U.S. Cybersecurity & Infrastructure Agency (CISA) revealing hundreds of critical vulnerabilities. CISA ordered federal agencies to patch a list of nearly 300 vulnerabilities, and encouraged private organizations to fix them too. CISA said the list will be updated as any vulnerability meets three…
As threat actors aim at IT supply chains, enhanced cybersecurity has been the recent driving force for industry adoption of the Software Bill of Materials (SBOM) framework. With a simple list of components that make up a software product, SBOMs enhance transparency between software buyers and sellers, provide the necessary visibility to identify vulnerabilities, and…
Apple continues to be haunted by spyware developed by an Israeli security firm that hostile governments used to hack into Apple devices to spy on journalists, activists and world leaders (see Apple Security Under Scrutiny Amid Fallout from NSO Spyware Scandal). News of the nefarious uses of NSO Group’s Pegasus software first surfaced in July.…
The increasing mobility of data, as it ping-pongs between clouds, data centers and the edge, has made it an easier target of cybercrime groups, which has put a premium on the encryption of that data in recent years. Cybersecurity vendors have stepped up, developing strong and efficient ways to encrypt data both while it’s at…
The National Security Council is sending a memo to U.S. companies urging them to take the ransomware threat more seriously as the Biden Administration ramps up its responses following recent attacks linked to Russia-based hacker groups on two major corporations. In the open letter dated June 3, Anne Neuberger, the NSC’s cybersecurity adviser, said that…
The explosion of ransomware and similar cyber incidents along with rising associated costs is convincing a growing number of insurance companies to raise the premiums on their cyber insurance policies or reduce coverage, moves that could further squeeze organizations under siege from hackers. A report this month from the Government Accountability Office (GAO) found that…
The European Union’s new General Data Protection Regulation (GDPR) has ushered in sweeping new data privacy and security regulations – and with it a new way of doing business for security vendors. The implementation deadline of May 25, 2018, has come and gone, and now enterprises across the globe are grappling with how GDPR affects…
When the California Consumer Privacy Act (CCPA) – sometimes referred to as AB-375 – takes effect on Jan. 1, 2020, it will impose a host of obligations on all but the smallest companies that do business with California residents. The risks for businesses that don’t comply with CCPA are severe: They can be fined up…
The EU’s General Data Protection Regulation (GDPR) was implemented a year ago on May 25, 2018. The sweeping data privacy law offers individual users the “right to be forgotten,” requires notification within 72 hours of the discovery of a data breach, and threatens companies with fines of as much as 4 percent of annual revenue…