Cyber-Security


Credit to JPMorgan Chase in this week’s banking-themed naughty/nice list

2020-09-10T21:14:00+01:00 By Compliance Week

JPMorgan Chase, Danske Bank, Deutsche Bank, and Bank of America all either “Nailed It” or “Failed It” this week.

European Commission: No Privacy Shield replacement in sight

2020-09-04T15:57:00+01:00

The European Commission this week warned there will be “no quick fix” to replace the now-invalidated Privacy Shield, which governed data transfers between the European Union and United States.

Credit social media giants for prepping for election chaos

2020-09-03T18:12:00+01:00 By Compliance Week

Silicon Valley’s social media heavyweights deserve a nod for “war-gaming” potential misinformation scenarios in advance of November’s elections, while McDonald’s again finds itself on our “Not Lovin’ It” list.

Q&A: New training takes compliance leaders on ‘non-technical’ cyber-journey

2020-08-27T16:28:00+01:00

A new training offered by renowned expert Paul C. Dwyer helps non-technical practitioners gain confidence in dealing with all aspects of cyber-security or cyber-risk.

Survey: Coronavirus revealed weaknesses in companies’ GRC, data processes

2020-08-24T14:13:00+01:00

A recent survey from Compliance Week and Riskonnect of 261 compliance and audit professionals found that half of the respondents were not prepared for the coronavirus pandemic with an updated crisis management plan.

Uber’s former security chief charged in data breach cover-up

2020-08-21T15:01:00+01:00

Uber’s former security chief has been charged in connection with an alleged cover-up of a 2016 data breach that compromised millions of people’s personally identifiable information.

How far is too far with employee monitoring? Barclays case could offer litmus

2020-08-20T14:54:00+01:00

The U.K. Information Commissioner’s Office is investigating allegations that Barclays Bank had effectively been spying on employees by using an intrusive software system that monitored workers’ activity.

Trump’s TikTok crusade a hollow win for privacy

2020-08-19T16:44:00+01:00

There’s no questioning the need to protect the data of U.S. citizens from China, but it’s naïve to think pressuring TikTok to take up a U.S. owner is anything more than a hollow victory given our lack of federal oversight in the area of privacy.

Carnival discloses ransomware attack

2020-08-19T16:05:00+01:00

Carnival Corp., already hit with a complete halt of business since April due to the coronavirus pandemic, is the latest major company to reveal the discovery of a ransomware attack.

McDonald’s handling of ex-CEO scandal gets compliments, criticism

2020-08-13T14:37:00+01:00 By Compliance Week

A fresh podcast from the Theranos whistleblower and a new compliance association for Black practitioners get a round of applause from us this week, while a complicated case involving McDonald’s lands the company on both the “Nailed It” and “Failed It” lists.

OCC fines Capital One $80M over 2019 data breach

2020-08-07T17:10:00+01:00

Capital One and Capital One Bank (USA) were fined $80 million for failing to establish sound risk management processes and internal controls related to the company’s data breach last year.

Twitter could face up to $250M FTC fine for misuse of data

2020-08-04T15:34:00+01:00

Twitter disclosed in a regulatory filing that it could face fines of up to $250 million by the Federal Trade Commission for misusing people’s personal information for advertising purposes.

IBM report: Average data breach cost nearly $4M in past year

2020-07-30T16:41:00+01:00

An IBM report that examined more than 500 cyber-security breaches occurring between August 2019 and April 2020 found the average breach costs companies $3.86 million and requires nearly 300 days to identify and contain.

CPE Webcast: Digital transformation & cyber risk: What you need to know

2020-07-28T14:00:00+01:00

Join Larry Ponemon, founder of Ponemon Institute, and Dave Stapleton, CISO of CyberGRX, as they discuss the impact digital transformation is having on cyber-security and some best practices you can implement to better protect your organization.

Nailed It or Failed It? Disney sends anti-hate message to Facebook

2020-07-22T18:30:00+01:00 By Compliance Week

In this week’s “Nailed It or Failed It?”, Disney gets kudos for throwing its weight behind the #StopHateForProfit protest, while PG&E earns criticism after being found responsible for yet another California wildfire.

First American first charged with NYDFS cyber-regulation abuses

2020-07-22T18:17:00+01:00

First American Title Insurance Company has become the first firm to face charges alleging violations of the New York State Department of Financial Services’ Cybersecurity Regulation.

Twitter cyber-attack should be wake-up call for firms

2020-07-21T17:57:00+01:00 By Jake Plenderleith, International Compliance Association

The recent cyber-attack directed at Twitter was the online equivalent of an explosive device being detonated. The ICA breaks down lessons learned from the hack and what firms can do to enhance their cyber-security controls.

Using data to fight fraud fire with fire

2020-07-21T13:42:00+01:00

When it comes to ferreting out and thwarting fraud, one must think like the fraudster, advises financial crime expert Martin Woods, who offers tips on using data to make your firm a hostile environment for bad actors.

How Twitter got hacked, and what you can learn from it

2020-07-16T20:43:00+01:00

Twitter just suffered the biggest cyber-attack in its history. But is it being set up for something bigger? We explore that possibility and much more.

Giant Twitter hack impacts Joe Biden, Barack Obama, Bill Gates, others

2020-07-15T22:40:00+01:00 By DeAnn Orie

Perhaps the biggest Twitter hack of all time was perpetrated Wednesday against such notable figures as Joe Biden, Bill Gates, Elon Musk, former President Barack Obama, and Jeff Bezos, among others.

OCIE issues ransomware alert to financial services

2020-07-15T14:49:00+01:00 By DeAnn Orie

The SEC’s Office of Compliance Inspections and Examinations is advising financial firms to beware of a rise in more sophisticated ransomware attacks.

Study: U.S. largest target for ‘significant’ cyber-attacks

2020-07-13T15:55:00+01:00

The United States has been on the receiving end of more significant cyber-attacks over the last 14 years than triple any other country, according to new research.

White paper: Digital Transformation & Cyber Risk: What You Need to Know to Stay Safe

2020-07-06T06:07:00+01:00

CyberGRX and Ponemon Institute surveyed 581 IT security and 302 C-suite executives to determine what impact digital transformation is having on cybersecurity and how prepared organizations are to deal with that impact.

CPE Webcast: Data breach litigation post CCPA

2020-06-30T14:00:00+01:00

The biggest impact on business post CCPA, and presumably subsequent state regulations, is the impact on data breaches.

Bill proposes national cyber-security czar

2020-06-26T18:09:00+01:00

A bill with bipartisan Congressional support proposes to create a national cyber-security czar who would report directly to the president.

Report slams ‘woefully lax’ cyber-security controls at CIA

2020-06-18T17:00:00+01:00

Cyber-security protections deployed for some of the nation’s most secret data were “woefully lax,” according to a 2017 intelligence brief that detailed shortcomings at the CIA following the agency’s 2016 data breach.

Five cyber-security lessons from the pandemic

2020-06-16T14:27:00+01:00 By David Kessler, CW Guest Columnist

Verizon Public Sector Counsel David Kessler, winner of CW’s “Excellence in Compliance: Cyber-Security” award, offers five lessons garnered from the pandemic to assist companies with their cyber-security compliance.

Report: Average data breach costs public companies $116M

2020-06-09T20:02:00+01:00

An Audit Analytics report on cyber-security breaches at public companies found the sensitivity of customer information stolen—along with length of time it took companies to report breaches—greatly affected the financial damage the breaches caused.

Five ways to protect yourself from coronavirus cyber-attacks

2020-05-26T17:28:00+01:00 By Holly Thomas-Wrightson, International Compliance Association

Cyber-criminals are making attempts to test the cyber-security of those working from home during the coronavirus pandemic. Here are ways to help defend yourself and your business from these potential threats.

CPE Webcast: Calculating COVID-19 third-party privacy risks

2020-05-26T14:00:00+01:00

COVID-19 has completely changed the way organizations do business, both internally and externally. The influx of sensitive data being collected makes proactively identifying and managing privacy risk a big challenge.

Coronavirus has made CW2020 a (virtual) gathering like no other

2020-05-15T14:58:00+01:00

The coronavirus pandemic has made getting together for our annual National Conference impossible, but it’s also made this virtual gathering (Monday and Tuesday) perhaps the most important one we’ve ever had.

Rewriting the cyber-compliance playbook

2020-05-11T13:41:00+01:00 By Rod Rosenstein & Sumon Dantiki, CW Guest Columnists

Former U.S. deputy attorney general Rod Rosenstein provides some best practices companies can employ in their fight against a new era of cyber-crime.

Cyber-criminals have supply chains, too

2020-05-06T20:02:00+01:00

All cyber-attacks leave a trail. These trails can be complex, of course, but the criminals cannot avoid them. Thus, they leave a supply chain of intelligence and data.

Current cyber-environment calls for proactive approach

2020-04-30T15:26:00+01:00

The conventional wisdom on cyber-security is to play defense and respond quickly to breaches. But these are not normal times, and proper cyber-hygiene is more important than ever.

ICA, ICTTF partner on new cyber-risk offering

2020-04-29T15:44:00+01:00 By GRC Announcements

The International Compliance Association announced it has partnered with the International Cyber Threat Task Force to offer a new program in cyber-risk management.

First round of finalists named for Excellence in Compliance Awards

2020-04-06T13:39:00+01:00

Compliance Week has pared down its list of more than 300 nominees for its first annual Excellence in Compliance Awards and is pleased to announce the finalists for nine of the 15 categories.

Lessons from Zoom: Coronavirus exposes videoconference risks

2020-04-03T17:04:00+01:00

Stay-at-home orders during the coronavirus pandemic have led to explosions of use for popular videoconferencing platforms, some of which have struggled to adjust to new privacy concerns.

Latest Marriott breach exposes 5.2M guests

2020-03-31T19:51:00+01:00

Marriott International says a breach may have compromised the personal data of 5.2 million customers, the second significant data breach for the hotel chain since 2018.

App offers $1M bounty for proof of alleged hacking smear campaign

2020-03-31T18:44:00+01:00

Popular face-to-face social networking app Houseparty is on the defensive amid claims of a data breach, offering a $1 million bounty for proof in what it believes may be a “paid commercial smear campaign.”

CCPA, SHIELD Act to take back seat during coronavirus pandemic?

2020-03-24T18:26:00+00:00

With state attorneys general now fixated on “stay at home” directives amid the coronavirus pandemic, oversight of data privacy regulation may dip. But consumers—and the plaintiffs’ bar—are still watching.

Analysis: Cyber-attacks spike in Italy linked to coronavirus

2020-03-18T15:03:00+00:00

Italy, a region in quarantine, is experiencing a spike in attempted cyber-attacks to capture the login credentials of employees working remotely. But not all the attacks have been successful, and that’s where the lessons lie.

5 tips to immunize yourself against coronavirus-emboldened hackers

2020-03-17T20:16:00+00:00

In this time of fear and uncertainty, it’s more critical than ever to practice good cyber-security hygiene (just think of it as the technical version of proper handwashing).

Employees working from home to avoid coronavirus? Protect your data

2020-03-12T19:54:00+00:00

With the coronavirus threat having moved on from disrupting your business’s supply chain to threatening your employees’ health at home, now is the time to implement that company-wide remote workplace plan.

Webcast: Regulatory update for financial services

2020-03-12T15:47:00+00:00

FINRA’s Exam Priorities, Regulation BI, and the SEC’s Cybersecurity Guidance

T-Mobile data breach: A cautionary tale for all companies

2020-03-06T19:11:00+00:00

For the second time in a matter of four months, T-Mobile announced it has suffered a data breach. Cyber-security experts say it’s a cautionary tale about the vulnerabilities of e-mail accounts that are not properly secured.

Virgin Media could face GDPR pressure after data breach

2020-03-06T17:54:00+00:00

Virgin Media is likely to be in the GDPR crosshairs after disclosing a recent breach that affected approximately 900,000 customers to the U.K.’s data regulator.

U.K.’s ICO fines Cathay Pacific for pre-GDPR breach

2020-03-04T18:37:00+00:00

The U.K. Information Commissioner’s Office has fined airline Cathay Pacific £500,000 (U.S. $643,000) for failing to protect the personal data of millions of customers.

Controversial facial image aggregator Clearview AI reveals breach

2020-02-27T20:03:00+00:00

A company with a huge database of facial images informed its law enforcement customers this week that it suffered a data breach.

White paper: Achieving Compliance with TPRM Regulatory and Framework Requirements

2020-02-25T05:37:00+00:00

Measuring compliance against third-party risk management requirements is complex and time consuming; and with growing numbers of data breaches originating with third parties and all the regulatory activity that comes as a result, it never lets up.

Reports: Bieber, Twitter’s Dorsey among 10.6M affected by MGM Resorts hack

2020-02-20T18:03:00+00:00

Pop star Justin Bieber and Twitter CEO Jack Dorsey were among 10.6 million MGM Resorts guests to have their personal information exposed in a data breach last year, according to multiple reports.